6.5

CVE-2020-3598

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to read confidential information or make configuration changes.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoVision Dynamic Signage Director Version6.2.0 Update-
CiscoVision Dynamic Signage Director Version6.2.0 Updatesp1
CiscoVision Dynamic Signage Director Version6.2.0 Updatesp2
CiscoVision Dynamic Signage Director Version6.2.0 Updatesp3
CiscoVision Dynamic Signage Director Version6.2.0 Updatesp4
CiscoVision Dynamic Signage Director Version6.2.0 Updatesp5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.46
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 3.9 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
psirt@cisco.com 6.5 3.9 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.