ID

VAR-202005-0683


CVE

CVE-2020-3184


TITLE

Cisco Prime Collaboration Provisioning software SQL injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-005762

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates user input for specific SQL queries. An attacker could exploit this vulnerability by authenticating to the application with valid administrative credentials and sending malicious requests to an affected system. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, or delete information from the database that they are not authorized to delete. The system may also be put into a denial-of-service (DoS) state. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments.

Trust: 1.71

sources: NVD: CVE-2020-3184 // JVNDB: JVNDB-2020-005762 // VULHUB: VHN-181309

AFFECTED PRODUCTS

vendor: cisco, model: prime collaboration provisioning, scope: lt, version: 12.6

Trust: 1.0

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 12.6

Trust: 1.0

vendor: cisco, model: prime collaboration provisioning, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-005762 // NVD: CVE-2020-3184

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3184
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3184
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005762
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202005-1090
value: HIGH

Trust: 0.6

VULHUB: VHN-181309
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3184
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-005762
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181309
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3184
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3184
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.5
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-005762
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181309 // JVNDB: JVNDB-2020-005762 // CNNVD: CNNVD-202005-1090 // NVD: CVE-2020-3184 // NVD: CVE-2020-3184

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-181309 // JVNDB: JVNDB-2020-005762 // NVD: CVE-2020-3184

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-1090

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202005-1090

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005762

PATCH

title: cisco-sa-pcp-sql-inj-22Auwt66
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pcp-sql-inj-22Auwt66

Trust: 0.8

title: Cisco Prime Collaboration Provisioning SQL injection vulnerability repair measures
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119650

Trust: 0.6

sources: JVNDB: JVNDB-2020-005762 // CNNVD: CNNVD-202005-1090

EXTERNAL IDS

db: NVD, id: CVE-2020-3184

Trust: 2.5

db: JVNDB, id: JVNDB-2020-005762

Trust: 0.8

db: CNNVD, id: CNNVD-202005-1090

Trust: 0.7

db: AUSCERT, id: ESB-2020.1800

Trust: 0.6

db: CNVD, id: CNVD-2020-29595

Trust: 0.1

db: VULHUB, id: VHN-181309

Trust: 0.1

sources: VULHUB: VHN-181309 // JVNDB: JVNDB-2020-005762 // CNNVD: CNNVD-202005-1090 // NVD: CVE-2020-3184

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-pcp-sql-inj-22auwt66

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-3184

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3184

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.1800/

Trust: 0.6

sources: VULHUB: VHN-181309 // JVNDB: JVNDB-2020-005762 // CNNVD: CNNVD-202005-1090 // NVD: CVE-2020-3184

SOURCES

db: VULHUB, id: VHN-181309
db: JVNDB, id: JVNDB-2020-005762
db: CNNVD, id: CNNVD-202005-1090
db: NVD, id: CVE-2020-3184

LAST UPDATE DATE

2024-11-23T22:37:23.439000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181309, date: 2020-05-27T00:00:00
db: JVNDB, id: JVNDB-2020-005762, date: 2020-06-22T00:00:00
db: CNNVD, id: CNNVD-202005-1090, date: 2020-05-28T00:00:00
db: NVD, id: CVE-2020-3184, date: 2024-11-21T05:30:30.023

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181309, date: 2020-05-22T00:00:00
db: JVNDB, id: JVNDB-2020-005762, date: 2020-06-22T00:00:00
db: CNNVD, id: CNNVD-202005-1090, date: 2020-05-20T00:00:00
db: NVD, id: CVE-2020-3184, date: 2020-05-22T06:15:10.213