Lucene search

CiscoCVE-2020-3387

HistoryJul 16, 2020 - 6:15 p.m.

CVE-2020-3387

2020-07-1618:15:19

CWE-20

cisco

web.nvd.nist.gov

cisco

sd-wan

vmanage

software

vulnerability

remote code execution

root privileges

nvd

cve-2020-3387

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.005

Percentile

76.0%

JSON

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerability by sending a crafted response to the Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to access the software and execute commands they should not be authorized to execute.

Affected configurations

Nvd

Node

ciscosd-wan_firmwareRange≤18.3.0

ciscosd-wan_firmwareRange18.4.0–19.2.3

ciscosd-wan_firmwareRange19.3.0–20.1.1.1

AND

cisco1100-4g_integrated_services_routerMatch-

cisco1100-4gltegb_integrated_services_routerMatch-

cisco1100-4gltena_integrated_services_routerMatch-

cisco1100-6g_integrated_services_routerMatch-

VendorProductVersionCPE
ciscosd-wan_firmware*cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:*
cisco1100-4g_integrated_services_router-cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:*
cisco1100-4gltegb_integrated_services_router-cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:*:*:*:*:*:*:*
cisco1100-4gltena_integrated_services_router-cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:*:*:*:*:*:*:*
cisco1100-6g_integrated_services_router-cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	sd-wan_firmware	*	cpe:2.3:o:cisco:sd-wan_firmware::::::::
cisco	1100-4g_integrated_services_router	-	cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:::::::*
cisco	1100-4gltegb_integrated_services_router	-	cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:::::::*
cisco	1100-4gltena_integrated_services_router	-	cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:::::::*
cisco	1100-6g_integrated_services_router	-	cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:::::::*

CNA Affected

[
  {
    "product": "Cisco SD-WAN vManage",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

packetstormsecurity.com/files/162958/Cisco-SD-WAN-vManage-19.2.2-Remote-Root.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanrce-4jtWT28P

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.005

Percentile

76.0%

JSON

Related for CVE-2020-3387