What is CVE-2020-26066?

CVE-2020-26066 is a medium-severity vulnerability in Cisco Catalyst Sd-wan Manager, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 6.5/10. Published 2024-11-18.

How severe is CVE-2020-26066?

Medium severity. CVSS v3 base score is 6.5 out of 10.

XXE in Cisco Catalyst Sd-wan Manager

CVE-2020-26066

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper hand…

Vulnerability class: XXE (XML External Entity)

EPSS: 0.002 (36.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X.

Affected products

Cisco Catalyst Sd-wan Manager — versions 20.1.12, 19.2.1, 18.4.4

Weakness classification (CWE)

CWE-611 — Improper Restriction of XML External Entity Reference (XXE)

References

cisco-sa-vmanx3-vrZbOqqD

Frequently asked questions

What is CVE-2020-26066?: CVE-2020-26066 is a medium-severity vulnerability in Cisco Catalyst Sd-wan Manager, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 6.5/10. Published 2024-11-18.
How severe is CVE-2020-26066?: Medium severity. CVSS v3 base score is 6.5 out of 10.