9
CVE-2020-3387
- EPSS 45.69%
- Veröffentlicht 16.07.2020 18:15:19
- Zuletzt bearbeitet 21.11.2024 05:30:55
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
LoginA vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerability by sending a crafted response to the Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to access the software and execute commands they should not be authorized to execute.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Sd-wan Firmware Version <= 18.3.0
Cisco ≫ 1100-4g Integrated Services Router Version-
Cisco ≫ 1100-4gltegb Integrated Services Router Version-
Cisco ≫ 1100-4gltena Integrated Services Router Version-
Cisco ≫ 1100-6g Integrated Services Router Version-
Cisco ≫ 1100-4gltegb Integrated Services Router Version-
Cisco ≫ 1100-4gltena Integrated Services Router Version-
Cisco ≫ 1100-6g Integrated Services Router Version-
Cisco ≫ Sd-wan Firmware Version >= 18.4.0 < 19.2.3
Cisco ≫ 1100-4g Integrated Services Router Version-
Cisco ≫ 1100-4gltegb Integrated Services Router Version-
Cisco ≫ 1100-4gltena Integrated Services Router Version-
Cisco ≫ 1100-6g Integrated Services Router Version-
Cisco ≫ 1100-4gltegb Integrated Services Router Version-
Cisco ≫ 1100-4gltena Integrated Services Router Version-
Cisco ≫ 1100-6g Integrated Services Router Version-
Cisco ≫ Sd-wan Firmware Version >= 19.3.0 < 20.1.1.1
Cisco ≫ 1100-4g Integrated Services Router Version-
Cisco ≫ 1100-4gltegb Integrated Services Router Version-
Cisco ≫ 1100-4gltena Integrated Services Router Version-
Cisco ≫ 1100-6g Integrated Services Router Version-
Cisco ≫ 1100-4gltegb Integrated Services Router Version-
Cisco ≫ 1100-4gltena Integrated Services Router Version-
Cisco ≫ 1100-6g Integrated Services Router Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 45.69% | 0.975 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9 | 8 | 10 |
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
| psirt@cisco.com | 7.5 | 1.6 | 5.9 |
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.