Sign-up

ID

VAR-202007-1040


CVE

CVE-2020-3374


TITLE

Cisco SD-WAN vManage Software fraudulent authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-009017

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The vulnerability is due to insufficient authorization checking on the affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system. Cisco SD-WAN vManage The software contains vulnerabilities related to unauthorized authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco

Trust: 1.71

sources: NVD: CVE-2020-3374 // JVNDB: JVNDB-2020-009017 // VULHUB: VHN-181499

AFFECTED PRODUCTS

vendor:ciscomodel:sd-wanscope:gteversion:19.3.0

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:18.4.0

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:18.4.5

Trust: 1.0

vendor:ciscomodel:sd-wanscope:lteversion:18.3.0

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:20.1.1

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:19.2.2

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:19.2.0

Trust: 1.0

vendor:ciscomodel:sd-wanscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-009017 // NVD: CVE-2020-3374

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3374
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3374
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-009017
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202007-1704
value: CRITICAL

Trust: 0.6

VULHUB: VHN-181499
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3374
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009017
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181499
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3374
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3374
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-009017
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181499 // JVNDB: JVNDB-2020-009017 // CNNVD: CNNVD-202007-1704 // NVD: CVE-2020-3374 // NVD: CVE-2020-3374

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.9

problemtype:CWE-285

Trust: 1.0

sources: VULHUB: VHN-181499 // JVNDB: JVNDB-2020-009017 // NVD: CVE-2020-3374

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1704

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202007-1704

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009017

PATCH
title:cisco-sa-uabvman-SYGzt8Bvurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uabvman-SYGzt8Bv
Trust: 0.8
title:Cisco SD-WAN vManage Software Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125214
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-009017 // 
            
            
            
            CNNVD: CNNVD-202007-1704

EXTERNAL IDS
db:NVDid:CVE-2020-3374
Trust: 2.5
db:JVNDBid:JVNDB-2020-009017
Trust: 0.8
db:CNNVDid:CNNVD-202007-1704
Trust: 0.7
db:AUSCERTid:ESB-2020.2601
Trust: 0.6
db:NSFOCUSid:47823
Trust: 0.6
db:CNVDid:CNVD-2020-44061
Trust: 0.1
db:VULHUBid:VHN-181499
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181499 // 
            
            
            
            JVNDB: JVNDB-2020-009017 // 
            
            
            
            CNNVD: CNNVD-202007-1704 // 
            
            
            
            NVD: CVE-2020-3374

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-uabvman-sygzt8bv
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3374
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3374
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2601/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47823
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181499 // 
            
            
            
            JVNDB: JVNDB-2020-009017 // 
            
            
            
            CNNVD: CNNVD-202007-1704 // 
            
            
            
            NVD: CVE-2020-3374

SOURCES
db:VULHUBid:VHN-181499
db:JVNDBid:JVNDB-2020-009017
db:CNNVDid:CNNVD-202007-1704
db:NVDid:CVE-2020-3374

LAST UPDATE DATE
2024-11-23T22:05:34.109000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181499date:2020-08-06T00:00:00
db:JVNDBid:JVNDB-2020-009017date:2020-10-14T00:00:00
db:CNNVDid:CNNVD-202007-1704date:2020-08-18T00:00:00
db:NVDid:CVE-2020-3374date:2024-11-21T05:30:54.320

SOURCES RELEASE DATE
db:VULHUBid:VHN-181499date:2020-07-31T00:00:00
db:JVNDBid:JVNDB-2020-009017date:2020-10-14T00:00:00
db:CNNVDid:CNNVD-202007-1704date:2020-07-29T00:00:00
db:NVDid:CVE-2020-3374date:2020-07-31T00:15:12.710