← Back

CVE-2020-3598

nvd nist
Published: Oct 8, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 / Impact: 2.5
Source: NVD

Description

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to read confidential information or make configuration changes.

Affected (7)

Cisco
1 product
Vision Dynamic Signage Director
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Vision Dynamic Signage Director
Before 6.2.0
Vision Dynamic Signage Director
Version 6.2.0
Vision Dynamic Signage Director
Version 6.2.0 sp1
Vision Dynamic Signage Director
Version 6.2.0 sp2
Vision Dynamic Signage Director
Version 6.2.0 sp3
Vision Dynamic Signage Director
Version 6.2.0 sp4
Vision Dynamic Signage Director
Version 6.2.0 sp5

Related CWEs

CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.