7.8
CVE-2020-3379
- EPSS 0.06%
- Published 16.07.2020 18:15:18
- Last modified 21.11.2024 05:30:54
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain administrative privileges.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Sd-wan Firmware Version < 18.3.0
Cisco ≫ Vedge 100 Version-
Cisco ≫ Vedge 1000 Version-
Cisco ≫ Vedge 100b Version-
Cisco ≫ Vedge 100m Version-
Cisco ≫ Vedge 100wm Version-
Cisco ≫ Vedge 2000 Version-
Cisco ≫ Vedge 5000 Version-
Cisco ≫ Vedge 1000 Version-
Cisco ≫ Vedge 100b Version-
Cisco ≫ Vedge 100m Version-
Cisco ≫ Vedge 100wm Version-
Cisco ≫ Vedge 2000 Version-
Cisco ≫ Vedge 5000 Version-
Cisco ≫ Vbond Orchestrator Version-
Cisco ≫ Vsmart Controller Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.146 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| psirt@cisco.com | 5.3 | 1.8 | 3.4 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.