6.5
CVE-2020-3598
- EPSS 0.26%
- Published 08.10.2020 05:15:15
- Last modified 21.11.2024 05:31:23
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to read confidential information or make configuration changes.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Vision Dynamic Signage Director Version < 6.2.0
Cisco ≫ Vision Dynamic Signage Director Version6.2.0 Update-
Cisco ≫ Vision Dynamic Signage Director Version6.2.0 Updatesp1
Cisco ≫ Vision Dynamic Signage Director Version6.2.0 Updatesp2
Cisco ≫ Vision Dynamic Signage Director Version6.2.0 Updatesp3
Cisco ≫ Vision Dynamic Signage Director Version6.2.0 Updatesp4
Cisco ≫ Vision Dynamic Signage Director Version6.2.0 Updatesp5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.46 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
| psirt@cisco.com | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.