Cisco Catalyst SD-WAN Manager
cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*
- >= 20.9.2, < 20.9.7
- ~20.15
A vulnerability exists in the application data endpoints of Cisco Catalyst SD-WAN Manager (formerly Cisco SD-WAN vManage) that allows an authenticated, remote attacker to write arbitrary files to the system. The issue stems from inadequate validation of API requests: an attacker can send crafted requests that use directory traversal to write files to arbitrary locations on the affected system.
Exploitation of this vulnerability could lead to unauthorized file creation, potentially allowing for further attacks such as code execution or manipulation of the application environment.
Cisco has released software updates to address this vulnerability. Customers should consult the Cisco Security Advisories page for guidance on upgrading to a fixed release.