What is CVE-2020-27128?

CVE-2020-27128 is a medium-severity vulnerability in Cisco Sd-wan Vmanage, classified under Path Traversal. CVSS score: 6.5/10. Published 2020-11-06.

How severe is CVE-2020-27128?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Path Traversal in Cisco Sd-wan Vmanage

CVE-2020-27128

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.608 (99.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.

Affected products

Cisco Sd-wan Vmanage — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

20201104 Cisco SD-WAN vManage Software Arbitrary File Creation Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2020-27128?: CVE-2020-27128 is a medium-severity vulnerability in Cisco Sd-wan Vmanage, classified under Path Traversal. CVSS score: 6.5/10. Published 2020-11-06.
How severe is CVE-2020-27128?: Medium severity. CVSS v3 base score is 6.5 out of 10.