Cisco Bug: CSCvi01873 - CSD-733: Path traversal in upload vEdge list
Sep 14, 2019
- Cisco SD-WAN
Known Affected Releases
$$IGNORE_PSIRT Symptoms: A vulnerability in the vManage web portal of the Cisco Virtual Manager Software as a Service (SaaS) could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. The vulnerability is due to insufficient validation of files submitted to the affected installation utility. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. A successful exploit could allow the attacker to gain write access to some files which could allow the attacker to overwrite the write-accessible files and compromise the integrity of the system. Conditions: None.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases