Cisco Bug: CSCvi01873 - CSD-733: Path traversal in upload vEdge list

Last Modified

Jul 29, 2019

Products (1)

Cisco SD-WAN

Known Affected Releases

unspecified

Description (partial)

$$IGNORE_PSIRT

Symptoms:

A vulnerability in the vManage web portal of the Cisco Virtual Manager Software as a Service (SaaS) could allow an authenticated, local attacker to
gain write access to some files in the underlying operating system.

The vulnerability is due to insufficient validation of files submitted to the affected installation utility. An attacker could exploit this
vulnerability by uploading a crafted file to an affected system. A successful exploit could allow the attacker to gain write access to some files
which could allow the attacker to overwrite the write-accessible files and compromise the integrity of the system.

Conditions:
None.

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts