ID

VAR-202007-1045


CVE

CVE-2020-3379


TITLE

Input validation vulnerability in Cisco SD-WAN Solution software

Trust: 0.8

sources: JVNDB: JVNDB-2020-008331

DESCRIPTION

A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain administrative privileges. Cisco SD-WAN Solution software contains an input validation vulnerability: information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Cisco SD-WAN Solution is a set of network expansion solutions from Cisco. A permission and access control vulnerability exists in Cisco SD-WAN Solution versions prior to 18.3.0, where the program does not properly validate input. The following products and versions are affected: Cisco SD-WAN vBond Orchestrator; SD-WAN vEdge Routers; SD-WAN vManage; SD-WAN vSmart Controller.

Trust: 1.8

sources: NVD: CVE-2020-3379 // JVNDB: JVNDB-2020-008331 // VULHUB: VHN-181504 // VULMON: CVE-2020-3379

AFFECTED PRODUCTS

vendor: cisco // model: sd-wan // scope: lt // version: 18.3.0

Trust: 1.0

vendor: cisco // model: vbond orchestrator // scope: eq // version: -

Trust: 1.0

vendor: cisco // model: vsmart controller // scope: eq // version: -

Trust: 1.0

vendor: cisco // model: sd-wan // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008331 // NVD: CVE-2020-3379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3379
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3379
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008331
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1070
value: HIGH

Trust: 0.6

VULHUB: VHN-181504
value: HIGH

Trust: 0.1

VULMON: CVE-2020-3379
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3379
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-008331
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181504
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3379
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3379
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008331
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181504 // VULMON: CVE-2020-3379 // JVNDB: JVNDB-2020-008331 // CNNVD: CNNVD-202007-1070 // NVD: CVE-2020-3379 // NVD: CVE-2020-3379

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

problemtype: CWE-264

Trust: 1.0

sources: VULHUB: VHN-181504 // JVNDB: JVNDB-2020-008331 // NVD: CVE-2020-3379

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1070

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1070

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008331

PATCH

title: cisco-sa-vmpresc-SyzcS4kC // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmpresc-SyzcS4kC

Trust: 0.8

title: Cisco SD-WAN Solution Fixes for permissions and access control issues vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125173

Trust: 0.6

title: Cisco: Cisco SD-WAN Solution Software Privilege Escalation Vulnerability // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-vmpresc-SyzcS4kC

Trust: 0.1

title: CVE-2020-3379 // url: https://github.com/AlAIAL90/CVE-2020-3379

Trust: 0.1

sources: VULMON: CVE-2020-3379 // JVNDB: JVNDB-2020-008331 // CNNVD: CNNVD-202007-1070

EXTERNAL IDS

db: NVD // id: CVE-2020-3379

Trust: 2.6

db: JVNDB // id: JVNDB-2020-008331

Trust: 0.8

db: CNNVD // id: CNNVD-202007-1070

Trust: 0.7

db: AUSCERT // id: ESB-2020.2424

Trust: 0.6

db: NSFOCUS // id: 48002

Trust: 0.6

db: CNVD // id: CNVD-2020-50563

Trust: 0.1

db: VULHUB // id: VHN-181504

Trust: 0.1

db: VULMON // id: CVE-2020-3379

Trust: 0.1

sources: VULHUB: VHN-181504 // VULMON: CVE-2020-3379 // JVNDB: JVNDB-2020-008331 // CNNVD: CNNVD-202007-1070 // NVD: CVE-2020-3379

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmpresc-syzcs4kc

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2020-3379

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3379

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.2424/

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-sd-wan-solution-software-privilege-escalation-32859

Trust: 0.6

url: http://www.nsfocus.net/vulndb/48002

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url: https://github.com/alaial90/cve-2020-3379

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-181504 // VULMON: CVE-2020-3379 // JVNDB: JVNDB-2020-008331 // CNNVD: CNNVD-202007-1070 // NVD: CVE-2020-3379

SOURCES

db: VULHUB // id: VHN-181504
db: VULMON // id: CVE-2020-3379
db: JVNDB // id: JVNDB-2020-008331
db: CNNVD // id: CNNVD-202007-1070
db: NVD // id: CVE-2020-3379

LAST UPDATE DATE

2024-08-14T13:24:22.412000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-181504 // date: 2021-08-06T00:00:00
db: VULMON // id: CVE-2020-3379 // date: 2021-08-06T00:00:00
db: JVNDB // id: JVNDB-2020-008331 // date: 2020-09-08T00:00:00
db: CNNVD // id: CNNVD-202007-1070 // date: 2021-08-09T00:00:00
db: NVD // id: CVE-2020-3379 // date: 2021-08-06T18:59:46.220

SOURCES RELEASE DATE

db: VULHUB // id: VHN-181504 // date: 2020-07-16T00:00:00
db: VULMON // id: CVE-2020-3379 // date: 2020-07-16T00:00:00
db: JVNDB // id: JVNDB-2020-008331 // date: 2020-09-08T00:00:00
db: CNNVD // id: CNNVD-202007-1070 // date: 2020-07-15T00:00:00
db: NVD // id: CVE-2020-3379 // date: 2020-07-16T18:15:18.690