← Back

CVE-2020-3180

nvd nist
Published: Jul 16, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to an affected system by using this account. A successful exploit could allow the attacker to log in by using this account with root privileges.

Affected (3)

Products: Cisco: Sd Wan
Cisco
1 product
Sd Wan
Configuration A
1 vulnerable · 12 platform
Vulnerable SoftwareAffected Versions
Sd Wan
From 18.3.0 to 18.3.6
Running on/withPlatform Versions
Cisco
1100 4g Integrated Services Router
All versions
Cisco
1100 4gltegb Integrated Services Router
All versions
Cisco
1100 4gltena Integrated Services Router
All versions
Cisco
1100 6g Integrated Services Router
All versions
Cisco
1100 Integrated Services Router
All versions
Cisco
Vedge 100
All versions
Cisco
Vedge 1000
All versions
Cisco
Vedge 100b
All versions
Cisco
Vedge 100m
All versions
Cisco
Vedge 100wm
All versions
Cisco
Vedge 2000
All versions
Cisco
Vedge 5000
All versions
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Sd Wan
From 18.4.0 to 18.4.5
Sd Wan
From 19.2.0 to 19.2.2

Related CWEs

CWE-264
CWE-264
CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.