CVE-2020-3378
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD
Description
A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.
Affected (2)
Products: Cisco: Sd Wan Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 18.4.5 |
| Running on/with | Platform Versions |
|---|---|
Cisco 1100 4g Integrated Services Router | All versions |
Cisco 1100 4gltegb Integrated Services Router | All versions |
Cisco 1100 4gltena Integrated Services Router | All versions |
Cisco 1100 6g Integrated Services Router | All versions |
Cisco Vedge 100 | All versions |
Cisco Vedge 1000 | All versions |
Cisco Vedge 100b | All versions |
Cisco Vedge 100m | All versions |
Cisco Vedge 100wm | All versions |
Cisco Vedge 2000 | All versions |
Cisco Vedge 5000 | All versions |
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.