Plattform
cisco
Komponente
cisco-catalyst-sd-wan-manager
Behoben in
20.1.13
19.2.2
18.4.5
18.4.6
20.1.2
20.1.2
19.3.1
19.2.3
18.3.7
18.3.8
19.2.1
18.3.9
19.0.1
19.1.1
18.4.303
18.4.304
17.2.11
18.3.7
19.0.2
18.2.1
18.4.4
18.4.2
17.2.9
18.3.4
18.4.1
18.3.2
17.2.7
17.2.10
18.3.5
17.2.6
18.3.2
18.3.6
18.4.1
18.3.4
17.2.8
17.2.5
18.3.1
19.2.4
18.4.502
18.4.6
20.1.13
18.3.7
19.2.2
19.3.1
20.1.2
19.2.3
18.3.9
18.4.4
18.4.5
18.4.303
19.1.1
18.4.304
19.2.1
17.2.11
18.3.8
18.3.2
18.3.5
18.2.1
18.3.6
18.4.2
17.2.6
17.2.8
17.2.9
17.2.10
18.4.1
17.2.7
18.3.1
17.2.5
18.3.4
19.2.4
19.2.2
20.1.13
18.4.5
19.3.1
18.3.9
19.2.3
20.1.2
18.3.7
18.4.4
18.4.303
18.4.6
18.4.304
19.1.1
17.2.11
19.0.2
18.3.8
18.3.2
19.2.1
17.2.10
18.3.5
18.2.1
18.4.2
17.2.6
18.4.1
18.3.6
18.3.4
17.2.8
17.2.7
17.2.9
18.3.1
17.2.5
19.2.4
18.4.304
18.3.8
19.3.1
18.2.1
20.1.13
17.2.11
18.3.4
18.3.7
19.0.1
17.2.7
18.4.1
18.3.2
18.4.303
19.2.3
18.3.6
17.2.10
19.1.1
20.1.12
18.4.6
17.2.6
17.2.9
18.3.9
18.3.1
18.4.4
18.4.5
19.2.2
17.2.5
18.3.5
19.0.2
20.1.2
17.2.8
18.4.2
19.2.1
19.2.4
CVE-2020-26071 describes an Arbitrary File Access vulnerability within the Command Line Interface (CLI) of Cisco Catalyst SD-WAN Software. Successful exploitation allows an authenticated, local attacker to create or overwrite arbitrary files on the affected device, potentially leading to a denial-of-service (DoS) condition. This vulnerability impacts versions of the software up to and including 20.1.12, with a fix available in version 20.1.13.
An attacker exploiting CVE-2020-26071 can leverage crafted arguments within specific CLI commands to bypass input validation controls. This allows them to create or overwrite arbitrary files on the Cisco Catalyst SD-WAN Manager device. The most immediate impact is a denial-of-service (DoS) condition, as critical system files could be corrupted or overwritten, rendering the device unusable. Beyond DoS, the ability to write arbitrary files opens the door to potential privilege escalation or remote code execution if the attacker can overwrite files containing executable code or modify configuration files to gain unauthorized access. The blast radius extends to any network segment relying on the compromised SD-WAN Manager for routing and policy enforcement.
CVE-2020-26071 was publicly disclosed on November 18, 2024. There is no indication of active exploitation campaigns targeting this vulnerability at this time. The vulnerability is not currently listed on CISA’s Known Exploited Vulnerabilities (KEV) catalog. The EPSS score is pending evaluation. Public proof-of-concept (PoC) exploits are not widely available, but the vulnerability's nature suggests that development of such exploits is likely.
Organizations heavily reliant on Cisco Catalyst SD-WAN Manager for their network connectivity and SD-WAN functionality are at risk. Specifically, environments with weak access controls to the CLI or those running older, unpatched versions (≤20.1.12) are particularly vulnerable. Shared hosting environments utilizing Cisco SD-WAN Manager should also be assessed for potential exposure.
• linux / server: Monitor system logs (e.g., /var/log/syslog) for unusual file creation or modification events within the SD-WAN Manager's file system. Use lsof to identify processes accessing sensitive files.
lsof /path/to/critical/file• cisco: Utilize Cisco's Security Intelligence Operations (SIO) to detect potential exploitation attempts. Review device logs for suspicious CLI commands or file access patterns. • generic web: Monitor network traffic for unusual connections to the SD-WAN Manager's CLI interface.
disclosure
Exploit-Status
EPSS
0.14% (33% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2020-26071 is to upgrade to Cisco Catalyst SD-WAN Software version 20.1.13 or later, which includes the necessary input validation fixes. If an immediate upgrade is not feasible, consider implementing strict access controls to the CLI, limiting access to authorized personnel only. Network segmentation can also help contain the impact of a potential breach. While a WAF or proxy cannot directly prevent this CLI-based vulnerability, they can be configured to monitor for unusual file access patterns or suspicious command sequences. After upgrading, verify the fix by attempting to execute the vulnerable CLI commands with crafted arguments; the commands should now be rejected with an appropriate error message.
Cisco ha publicado actualizaciones de software que abordan esta vulnerabilidad. Actualice el software Cisco SD-WAN a la última versión disponible proporcionada por el proveedor para mitigar el riesgo de explotación. No existen soluciones alternativas para esta vulnerabilidad.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2020-26071 is a HIGH severity vulnerability allowing authenticated local attackers to create or overwrite files on Cisco Catalyst SD-WAN Manager, potentially causing a DoS. It affects versions ≤20.1.12.
You are affected if you are running Cisco Catalyst SD-WAN Manager version 20.1.12 or earlier. Check your version and compare it to the affected versions listed in the advisory.
Upgrade to Cisco Catalyst SD-WAN Software version 20.1.13 or later to resolve the vulnerability. Implement stricter access controls to the CLI as an interim measure.
As of November 18, 2024, there are no publicly known active exploitation campaigns or proof-of-concept exploits for CVE-2020-26071.
Refer to the official Cisco Security Advisory for detailed information and mitigation steps: [https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cli-arbitrary-file-access-20200813]
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.