{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T04:21:36.103","vulnerabilities":[{"cve":{"id":"CVE-2020-3401","sourceIdentifier":"psirt@cisco.com","published":"2020-07-16T18:15:19.300","lastModified":"2024-11-21T05:30:57.523","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to the affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system."},{"lang":"es","value":"Una vulnerabilidad en la interfaz de administración basada en web de Cisco SD-WAN vManage Software podría permitir a un atacante remoto autenticado llevar a cabo ataques de salto de ruta y obtener acceso de lectura a archivos confidenciales sobre un sistema afectado. La vulnerabilidad es debido a una comprobación insuficiente de las peticiones HTTP. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición HTTP diseñada que contenga secuencias de caracteres de salto de directorio hacia el sistema afectado. Una explotación con éxito podría permitir al atacante visualizar archivos arbitrarios en el sistema afectado"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV30":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"19.2.2","matchCriteriaId":"7A3EF017-77E2-4D00-9209-6FC239FFDEF1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:*","matchCriteriaId":"0F77CD6A-83DA-4F31-A128-AD6DAECD623B"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:*:*:*:*:*:*:*","matchCriteriaId":"62564BB8-1282-4597-A645-056298BE7CCB"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:*:*:*:*:*:*:*","matchCriteriaId":"80E9CC47-3D7C-437A-85BE-4BB94C8AF1B8"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:*","matchCriteriaId":"2B68B363-3C57-4E95-8B13-0F9B59D551F7"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*","matchCriteriaId":"00AAB4DD-1C45-412F-84AA-C056A0BBFB9A"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*","matchCriteriaId":"F019975D-3A45-4522-9CB9-F4258C371DF6"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*","matchCriteriaId":"0811E0B5-889E-451E-B754-A8FEE32BDFA2"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*","matchCriteriaId":"36973815-F46D-4ADA-B9DF-BCB70AC60BD3"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*","matchCriteriaId":"061A302C-8D35-4E80-93DA-916DA7E90C06"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*","matchCriteriaId":"140AF13E-4463-478B-AA94-97406A80CB86"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*","matchCriteriaId":"1356861D-E6CA-4973-9597-629507E8C07E"}]}]}],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmandowndir-CVGvdKM3","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmandowndir-CVGvdKM3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}