Sign-up

ID

VAR-202006-1137


CVE

CVE-2020-3335


TITLE

Cisco Application Services Engine Vulnerability in lack of authentication for critical functions in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-006324

DESCRIPTION

A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this vulnerability by logging in to an affected device locally with valid credentials. A successful exploit could allow the attacker to read the sensitive information of other users on the affected device

Trust: 1.71

sources: NVD: CVE-2020-3335 // JVNDB: JVNDB-2020-006324 // VULHUB: VHN-181460

AFFECTED PRODUCTS

vendor:ciscomodel:application services enginescope:ltversion:1.1.2.20

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.1\(0c\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:application services enginescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006324 // NVD: CVE-2020-3335

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3335
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3335
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006324
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-342
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181460
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3335
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006324
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181460
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3335
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3335
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006324
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181460 // JVNDB: JVNDB-2020-006324 // CNNVD: CNNVD-202006-342 // NVD: CVE-2020-3335 // NVD: CVE-2020-3335

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

problemtype:CWE-863

Trust: 1.1

sources: VULHUB: VHN-181460 // JVNDB: JVNDB-2020-006324 // NVD: CVE-2020-3335

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-342

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202006-342

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006324

PATCH
title:cisco-sa-APIC-KSV-3wzbHYT4url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-APIC-KSV-3wzbHYT4
Trust: 0.8
title:Cisco Application Services Engine Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=120789
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006324 // 
            
            
            
            CNNVD: CNNVD-202006-342

EXTERNAL IDS
db:NVDid:CVE-2020-3335
Trust: 2.5
db:JVNDBid:JVNDB-2020-006324
Trust: 0.8
db:CNNVDid:CNNVD-202006-342
Trust: 0.7
db:AUSCERTid:ESB-2020.1930
Trust: 0.6
db:NSFOCUSid:47499
Trust: 0.6
db:CNVDid:CNVD-2020-32908
Trust: 0.1
db:VULHUBid:VHN-181460
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181460 // 
            
            
            
            JVNDB: JVNDB-2020-006324 // 
            
            
            
            CNNVD: CNNVD-202006-342 // 
            
            
            
            NVD: CVE-2020-3335

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apic-ksv-3wzbhyt4
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3335
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3335
Trust: 0.8
url:http://www.nsfocus.net/vulndb/47499
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1930/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181460 // 
            
            
            
            JVNDB: JVNDB-2020-006324 // 
            
            
            
            CNNVD: CNNVD-202006-342 // 
            
            
            
            NVD: CVE-2020-3335

SOURCES
db:VULHUBid:VHN-181460
db:JVNDBid:JVNDB-2020-006324
db:CNNVDid:CNNVD-202006-342
db:NVDid:CVE-2020-3335

LAST UPDATE DATE
2024-08-14T14:44:48.946000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181460date:2021-08-06T00:00:00
db:JVNDBid:JVNDB-2020-006324date:2020-07-07T00:00:00
db:CNNVDid:CNNVD-202006-342date:2021-08-09T00:00:00
db:NVDid:CVE-2020-3335date:2021-08-06T18:40:03.883

SOURCES RELEASE DATE
db:VULHUBid:VHN-181460date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2020-006324date:2020-07-07T00:00:00
db:CNNVDid:CNNVD-202006-342date:2020-06-03T00:00:00
db:NVDid:CVE-2020-3335date:2020-06-03T18:15:22.447