ID

VAR-202006-1137


CVE

CVE-2020-3335


TITLE

Cisco Application Services Engine Vulnerability in lack of authentication for critical functions in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-006324

DESCRIPTION

A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this vulnerability by logging in to an affected device locally with valid credentials. A successful exploit could allow the attacker to read the sensitive information of other users on the affected device.

Trust: 1.71

sources: NVD: CVE-2020-3335 // JVNDB: JVNDB-2020-006324 // VULHUB: VHN-181460

AFFECTED PRODUCTS

vendor: cisco, model: application services engine, scope: lt, version: 1.1.2.20

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.1\(0c\)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: -, version: -

Trust: 0.8

vendor: cisco, model: application services engine, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006324 // NVD: CVE-2020-3335

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3335
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3335
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006324
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-342
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181460
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3335
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006324
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181460
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3335
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3335
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006324
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181460 // JVNDB: JVNDB-2020-006324 // CNNVD: CNNVD-202006-342 // NVD: CVE-2020-3335 // NVD: CVE-2020-3335

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

problemtype:CWE-863

Trust: 1.1

sources: VULHUB: VHN-181460 // JVNDB: JVNDB-2020-006324 // NVD: CVE-2020-3335

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-342

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202006-342

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006324

PATCH

title: cisco-sa-APIC-KSV-3wzbHYT4, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-APIC-KSV-3wzbHYT4

Trust: 0.8

title: Cisco Application Services Engine Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=120789

Trust: 0.6

sources: JVNDB: JVNDB-2020-006324 // CNNVD: CNNVD-202006-342

EXTERNAL IDS

db: NVD, id: CVE-2020-3335

Trust: 2.5

db: JVNDB, id: JVNDB-2020-006324

Trust: 0.8

db: CNNVD, id: CNNVD-202006-342

Trust: 0.7

db: AUSCERT, id: ESB-2020.1930

Trust: 0.6

db: NSFOCUS, id: 47499

Trust: 0.6

db: CNVD, id: CNVD-2020-32908

Trust: 0.1

db: VULHUB, id: VHN-181460

Trust: 0.1

sources: VULHUB: VHN-181460 // JVNDB: JVNDB-2020-006324 // CNNVD: CNNVD-202006-342 // NVD: CVE-2020-3335

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apic-ksv-3wzbhyt4

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3335

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3335

Trust: 0.8

url:http://www.nsfocus.net/vulndb/47499

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1930/

Trust: 0.6

sources: VULHUB: VHN-181460 // JVNDB: JVNDB-2020-006324 // CNNVD: CNNVD-202006-342 // NVD: CVE-2020-3335

SOURCES

db: VULHUB, id: VHN-181460
db: JVNDB, id: JVNDB-2020-006324
db: CNNVD, id: CNNVD-202006-342
db: NVD, id: CVE-2020-3335

LAST UPDATE DATE

2024-08-14T14:44:48.946000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181460, date: 2021-08-06T00:00:00
db: JVNDB, id: JVNDB-2020-006324, date: 2020-07-07T00:00:00
db: CNNVD, id: CNNVD-202006-342, date: 2021-08-09T00:00:00
db: NVD, id: CVE-2020-3335, date: 2021-08-06T18:40:03.883

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181460, date: 2020-06-03T00:00:00
db: JVNDB, id: JVNDB-2020-006324, date: 2020-07-07T00:00:00
db: CNNVD, id: CNNVD-202006-342, date: 2020-06-03T00:00:00
db: NVD, id: CVE-2020-3335, date: 2020-06-03T18:15:22.447