← Back

CVE-2020-3387

nvd nist
Published: Jul 16, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerability by sending a crafted response to the Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to access the software and execute commands they should not be authorized to execute.

Affected (3)

Cisco
1 product
Sd Wan Firmware
Configuration A
3 vulnerable · 4 platform
Vulnerable SoftwareAffected Versions
Cisco
Sd Wan Firmware
Up to 18.3.0
Sd Wan Firmware
From 18.4.0 to 19.2.3
Sd Wan Firmware
From 19.3.0 to 20.1.1.1
Running on/withPlatform Versions
Cisco
1100 4g Integrated Services Router
All versions
Cisco
1100 4gltegb Integrated Services Router
All versions
Cisco
1100 4gltena Integrated Services Router
All versions
Cisco
1100 6g Integrated Services Router
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

Source: psirt@cisco.com
ExploitThird Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.