Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2020-3374

Published

3 years ago

Last Modified

3 years ago

CVSSv2.0 Severity

High

CVSSv3.1 Severity

Critical

Impact Analysis

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The vulnerability is due to insufficient authorization checking on the affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system..

CVSSv2.0 Score

Severity: High
Base Score: 9/10
Exploit Score: 8/10
Access Vector: Network
Access Complexity: Low
Authentication Required: Single
Impact Score: 10/10
Confidentiality Impact: Complete
Availability Impact: Complete
Integrity Impact: Complete

CVSSv3.1 Score

Severity: Critical
Base Score: 9.9/10
Exploit Score: 3.1/10
Access Vector: Network
Access Complexity: Low
Privileges Required: Low
Impact Score: 6/10
Confidentiality Impact: High
Availability Impact: High
Integrity Impact: High
Scope: Changed
User Interaction: None

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:cisco:sd-wan::::::::	Yes	19.2.0	19.2.2
cpe:2.3:a:cisco:sd-wan::::::::	Yes	18.4.0	18.4.5
cpe:2.3:a:cisco:sd-wan::::::::	Yes	19.3.0	20.1.1
cpe:2.3:a:cisco:sd-wan::::::::	Yes	-	-

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uabvman-S