ID

VAR-202007-0996


CVE

CVE-2020-3140


TITLE

Unauthorized authentication vulnerability in Cisco Prime License Manager

Trust: 0.8

sources: JVNDB: JVNDB-2020-008399

DESCRIPTION

A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system. The attacker needs a valid username to exploit this vulnerability. Cisco Prime License Manager (PLM) contains an unauthorized authentication vulnerability. Information may be obtained or tampered with, and the system may be put into a service interruption (DoS) state.

Trust: 1.71

sources: NVD: CVE-2020-3140 // JVNDB: JVNDB-2020-008399 // VULHUB: VHN-181265

AFFECTED PRODUCTS

vendor: cisco, model: prime license manager, scope: gte, version: 11.0

Trust: 1.0

vendor: cisco, model: prime license manager, scope: lte, version: 11.5(1)su6

Trust: 1.0

vendor: cisco, model: prime license manager, scope: lte, version: 10.5(2)su9

Trust: 1.0

vendor: cisco, model: prime license manager, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008399 // NVD: CVE-2020-3140

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3140
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3140
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-008399
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202007-1129
value: CRITICAL

Trust: 0.6

VULHUB: VHN-181265
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3140
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008399
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181265
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3140
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3140
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008399
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181265 // JVNDB: JVNDB-2020-008399 // CNNVD: CNNVD-202007-1129 // NVD: CVE-2020-3140 // NVD: CVE-2020-3140

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.9

problemtype:CWE-255

Trust: 1.0

sources: VULHUB: VHN-181265 // JVNDB: JVNDB-2020-008399 // NVD: CVE-2020-3140

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1129

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202007-1129

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008399

PATCH

title: cisco-sa-cisco-prime-priv-esc-HyhwdzBA
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-prime-priv-esc-HyhwdzBA

Trust: 0.8

title: Cisco Prime License Manager Software Repair measures for trust management problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124588

Trust: 0.6

sources: JVNDB: JVNDB-2020-008399 // CNNVD: CNNVD-202007-1129

EXTERNAL IDS

db: NVD, id: CVE-2020-3140

Trust: 2.5

db: JVNDB, id: JVNDB-2020-008399

Trust: 0.8

db: CNNVD, id: CNNVD-202007-1129

Trust: 0.7

db: NSFOCUS, id: 47634

Trust: 0.6

db: CNVD, id: CNVD-2020-49555

Trust: 0.1

db: VULHUB, id: VHN-181265

Trust: 0.1

sources: VULHUB: VHN-181265 // JVNDB: JVNDB-2020-008399 // CNNVD: CNNVD-202007-1129 // NVD: CVE-2020-3140

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cisco-prime-priv-esc-hyhwdzba

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2020-3140

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3140

Trust: 0.8

url: http://www.nsfocus.net/vulndb/47634

Trust: 0.6

sources: VULHUB: VHN-181265 // JVNDB: JVNDB-2020-008399 // CNNVD: CNNVD-202007-1129 // NVD: CVE-2020-3140

SOURCES

db: VULHUB, id: VHN-181265
db: JVNDB, id: JVNDB-2020-008399
db: CNNVD, id: CNNVD-202007-1129
db: NVD, id: CVE-2020-3140

LAST UPDATE DATE

2024-11-23T21:51:25.495000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181265, date: 2020-07-23T00:00:00
db: JVNDB, id: JVNDB-2020-008399, date: 2020-09-11T00:00:00
db: CNNVD, id: CNNVD-202007-1129, date: 2020-08-12T00:00:00
db: NVD, id: CVE-2020-3140, date: 2024-11-21T05:30:24.467

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181265, date: 2020-07-16T00:00:00
db: JVNDB, id: JVNDB-2020-008399, date: 2020-09-11T00:00:00
db: CNNVD, id: CNNVD-202007-1129, date: 2020-07-15T00:00:00
db: NVD, id: CVE-2020-3140, date: 2020-07-16T18:15:16.347