Sign-up

ID

VAR-202007-1038


CVE

CVE-2020-3370


TITLE

Cisco Content Security Management Appliance Vulnerability regarding input verification in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008328

DESCRIPTION

A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted, malicious HTTP request to an affected device. A successful exploit could allow the attacker to redirect users to malicious sites. The device is mainly used to manage all policies, reports, and audit information of email and Web security devices. of email and web security appliances

Trust: 2.25

sources: NVD: CVE-2020-3370 // JVNDB: JVNDB-2020-008328 // CNVD: CNVD-2020-44603 // VULHUB: VHN-181495

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-44603

AFFECTED PRODUCTS

vendor:ciscomodel:email security appliancescope:gteversion:13.5.0

Trust: 1.0

vendor:ciscomodel:email security appliancescope:ltversion:13.0.1

Trust: 1.0

vendor:ciscomodel:email security appliancescope:ltversion:13.5.1

Trust: 1.0

vendor:ciscomodel:content security management appliancescope: - version: -

Trust: 0.8

vendor:ciscomodel:content security management appliancescope:ltversion:13.0.1

Trust: 0.6

vendor:ciscomodel:content security management appliancescope:ltversion:13.5.1

Trust: 0.6

sources: CNVD: CNVD-2020-44603 // JVNDB: JVNDB-2020-008328 // NVD: CVE-2020-3370

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3370
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3370
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008328
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-44603
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202007-1044
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181495
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3370
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008328
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-44603
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-181495
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3370
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3370
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008328
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-44603 // VULHUB: VHN-181495 // JVNDB: JVNDB-2020-008328 // CNNVD: CNNVD-202007-1044 // NVD: CVE-2020-3370 // NVD: CVE-2020-3370

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-181495 // JVNDB: JVNDB-2020-008328 // NVD: CVE-2020-3370

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1044

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1044

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008328

PATCH
title:cisco-sa-ESA-filt-39jXvMfMurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ESA-filt-39jXvMfM
Trust: 0.8
title:Patch for Cisco Content Security Management Appliance input validation error vulnerability (CNVD-2020-44603)url:https://www.cnvd.org.cn/patchInfo/show/227851
Trust: 0.6
title:Cisco Content Security Management Appliance Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124538
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-44603 // 
            
            
            
            JVNDB: JVNDB-2020-008328 // 
            
            
            
            CNNVD: CNNVD-202007-1044

EXTERNAL IDS
db:NVDid:CVE-2020-3370
Trust: 3.1
db:JVNDBid:JVNDB-2020-008328
Trust: 0.8
db:CNVDid:CNVD-2020-44603
Trust: 0.7
db:CNNVDid:CNNVD-202007-1044
Trust: 0.7
db:AUSCERTid:ESB-2020.2422.2
Trust: 0.6
db:AUSCERTid:ESB-2020.2422
Trust: 0.6
db:VULHUBid:VHN-181495
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-44603 // 
            
            
            
            VULHUB: VHN-181495 // 
            
            
            
            JVNDB: JVNDB-2020-008328 // 
            
            
            
            CNNVD: CNNVD-202007-1044 // 
            
            
            
            NVD: CVE-2020-3370

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-filt-39jxvmfm
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-3370
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3370
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2422.2/
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-content-security-management-appliance-privilege-escalation-via-bypass-url-filtering-32854
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2422/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-44603 // 
            
            
            
            VULHUB: VHN-181495 // 
            
            
            
            JVNDB: JVNDB-2020-008328 // 
            
            
            
            CNNVD: CNNVD-202007-1044 // 
            
            
            
            NVD: CVE-2020-3370

SOURCES
db:CNVDid:CNVD-2020-44603
db:VULHUBid:VHN-181495
db:JVNDBid:JVNDB-2020-008328
db:CNNVDid:CNNVD-202007-1044
db:NVDid:CVE-2020-3370

LAST UPDATE DATE
2024-11-23T21:51:25.440000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-44603date:2020-08-06T00:00:00
db:VULHUBid:VHN-181495date:2021-08-06T00:00:00
db:JVNDBid:JVNDB-2020-008328date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1044date:2020-07-24T00:00:00
db:NVDid:CVE-2020-3370date:2024-11-21T05:30:53.797

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-44603date:2020-07-30T00:00:00
db:VULHUBid:VHN-181495date:2020-07-16T00:00:00
db:JVNDBid:JVNDB-2020-008328date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1044date:2020-07-15T00:00:00
db:NVDid:CVE-2020-3370date:2020-07-16T18:15:18.363