Sign-up

ID

VAR-202006-1140


CVE

CVE-2020-3339


TITLE

Cisco Prime Infrastructure In SQL Injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-006074

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database. Cisco Prime Infrastructure Software is a set of basic network life cycle management solutions of Cisco (Cisco). The product integrates Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS)

Trust: 1.71

sources: NVD: CVE-2020-3339 // JVNDB: JVNDB-2020-006074 // VULHUB: VHN-181464

AFFECTED PRODUCTS

vendor:ciscomodel:prime infrastructurescope:lteversion:3.7.1

Trust: 1.0

vendor:ciscomodel:prime infrastructurescope:eqversion:3.8

Trust: 1.0

vendor:ciscomodel:prime infrastructurescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006074 // NVD: CVE-2020-3339

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3339
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3339
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006074
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-361
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181464
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3339
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006074
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181464
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3339
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3339
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006074
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181464 // JVNDB: JVNDB-2020-006074 // CNNVD: CNNVD-202006-361 // NVD: CVE-2020-3339 // NVD: CVE-2020-3339

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-181464 // JVNDB: JVNDB-2020-006074 // NVD: CVE-2020-3339

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-361

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202006-361

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006074

PATCH
title:cisco-sa-pi-sql-inj-KGLLsFw8url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-sql-inj-KGLLsFw8
Trust: 0.8
title:Cisco Prime Infrastructure Software SQL Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=120259
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-006074 // 
            
            
            
            CNNVD: CNNVD-202006-361

EXTERNAL IDS
db:NVDid:CVE-2020-3339
Trust: 2.5
db:JVNDBid:JVNDB-2020-006074
Trust: 0.8
db:CNNVDid:CNNVD-202006-361
Trust: 0.7
db:NSFOCUSid:47254
Trust: 0.6
db:AUSCERTid:ESB-2020.1957
Trust: 0.6
db:VULHUBid:VHN-181464
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181464 // 
            
            
            
            JVNDB: JVNDB-2020-006074 // 
            
            
            
            CNNVD: CNNVD-202006-361 // 
            
            
            
            NVD: CVE-2020-3339

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-pi-sql-inj-kgllsfw8
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3339
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3339
Trust: 0.8
url:https://vigilance.fr/vulnerability/cisco-prime-infrastructure-sql-injection-32422
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1957/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47254
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181464 // 
            
            
            
            JVNDB: JVNDB-2020-006074 // 
            
            
            
            CNNVD: CNNVD-202006-361 // 
            
            
            
            NVD: CVE-2020-3339

SOURCES
db:VULHUBid:VHN-181464
db:JVNDBid:JVNDB-2020-006074
db:CNNVDid:CNNVD-202006-361
db:NVDid:CVE-2020-3339

LAST UPDATE DATE
2024-11-23T21:59:11.893000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181464date:2020-06-05T00:00:00
db:JVNDBid:JVNDB-2020-006074date:2020-06-30T00:00:00
db:CNNVDid:CNNVD-202006-361date:2020-07-27T00:00:00
db:NVDid:CVE-2020-3339date:2024-11-21T05:30:50.023

SOURCES RELEASE DATE
db:VULHUBid:VHN-181464date:2020-06-03T00:00:00
db:JVNDBid:JVNDB-2020-006074date:2020-06-30T00:00:00
db:CNNVDid:CNNVD-202006-361date:2020-06-03T00:00:00
db:NVDid:CVE-2020-3339date:2020-06-03T19:15:11.753