CVE-2020-3381 - OpenCVE

A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. An exploit could allow the attacker to view or modify arbitrary files on the targeted system.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	1100-4g Integrated Services Router 1100-6g Integrated Services Router Sd-wan Firmware 1100-4gltegb Integrated Services Router 1100-4gltena Integrated Services Router

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:sd-wan_firmware::::::::
	cpe:2.3:o:cisco:sd-wan_firmware::::::::
	cpe:2.3:o:cisco:sd-wan_firmware::::::::

OR	cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:::::::*

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmdirtrav-eFdAxsJg	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2020-07-15T00:00:00

Updated: 2020-07-16T17:22:00

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3381

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-07-16T18:15:18.907

Modified: 2023-05-23T13:55:46.380

Link: CVE-2020-3381

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "Cisco SD-WAN vManage ", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-07-15T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. An exploit could allow the attacker to view or modify arbitrary files on the targeted system."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-07-16T17:22:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20200715 Cisco SD-WAN vManage Software Directory Traversal Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmdirtrav-eFdAxsJg"}], "source": {"advisory": "cisco-sa-vmdirtrav-eFdAxsJg", "defect": [["CSCvt72764"]], "discovery": "INTERNAL"}, "title": "Cisco SD-WAN vManage Software Directory Traversal Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-07-15T16:00:00", "ID": "CVE-2020-3381", "STATE": "PUBLIC", "TITLE": "Cisco SD-WAN vManage Software Directory Traversal Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco SD-WAN vManage ", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. An exploit could allow the attacker to view or modify arbitrary files on the targeted system."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "impact": {"cvss": {"baseScore": "8.8", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22"}]}]}, "references": {"reference_data": [{"name": "20200715 Cisco SD-WAN vManage Software Directory Traversal Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmdirtrav-eFdAxsJg"}]}, "source": {"advisory": "cisco-sa-vmdirtrav-eFdAxsJg", "defect": [["CSCvt72764"]], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3381", "datePublished": "2020-07-15T00:00:00", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2020-07-16T17:22:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2374CB29-E84C-4F2C-919C-1AE05880C8C9", "versionEndIncluding": "18.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "13929F17-0B3B-45B4-B208-B1500621E9B0", "versionEndExcluding": "19.2.3", "versionStartIncluding": "18.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBF65E6E-7BF2-42F8-9079-3AFBD7FAB658", "versionEndIncluding": "20.1", "versionStartIncluding": "19.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F77CD6A-83DA-4F31-A128-AD6DAECD623B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "62564BB8-1282-4597-A645-056298BE7CCB", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "80E9CC47-3D7C-437A-85BE-4BB94C8AF1B8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B68B363-3C57-4E95-8B13-0F9B59D551F7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. An exploit could allow the attacker to view or modify arbitrary files on the targeted system."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Cisco SD-WAN vManage Software podr\u00eda permitir a un atacante remoto autenticado llevar a cabo ataques de salto de directorio y obtener acceso de lectura y escritura a archivos confidenciales en un sistema objetivo. La vulnerabilidad es debido a una falta de comprobaci\u00f3n apropiada de los archivos que son cargados en un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad mediante la carga de un archivo dise\u00f1ado sobre un sistema afectado. Un explotaci\u00f3n podr\u00eda permitir al atacante visualizar o modificar archivos arbitrarios en el sistema objetivo"}], "id": "CVE-2020-3381", "lastModified": "2023-05-23T13:55:46.380", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-16T18:15:18.907", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmdirtrav-eFdAxsJg"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}