Sign-up

ID

VAR-202007-1061


CVE

CVE-2020-3468


TITLE

Cisco SD-WAN vManage In software SQL Injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-008347

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco

Trust: 1.71

sources: NVD: CVE-2020-3468 // JVNDB: JVNDB-2020-008347 // VULHUB: VHN-181593

AFFECTED PRODUCTS

vendor:ciscomodel:sd-wanscope:lteversion:19.2.2

Trust: 1.0

vendor:ciscomodel:sd-wanscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008347 // NVD: CVE-2020-3468

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3468
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3468
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-008347
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-1075
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181593
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3468
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008347
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181593
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3468
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3468
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008347
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181593 // JVNDB: JVNDB-2020-008347 // CNNVD: CNNVD-202007-1075 // NVD: CVE-2020-3468 // NVD: CVE-2020-3468

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-181593 // JVNDB: JVNDB-2020-008347 // NVD: CVE-2020-3468

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1075

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202007-1075

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008347

PATCH
title:cisco-sa-vmanage-v78FubGVurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-v78FubGV
Trust: 0.8
title:Cisco SD-WAN vManage Software SQL Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124559
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008347 // 
            
            
            
            CNNVD: CNNVD-202007-1075

EXTERNAL IDS
db:NVDid:CVE-2020-3468
Trust: 2.5
db:JVNDBid:JVNDB-2020-008347
Trust: 0.8
db:CNNVDid:CNNVD-202007-1075
Trust: 0.7
db:AUSCERTid:ESB-2020.2424
Trust: 0.6
db:NSFOCUSid:47183
Trust: 0.6
db:VULHUBid:VHN-181593
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181593 // 
            
            
            
            JVNDB: JVNDB-2020-008347 // 
            
            
            
            CNNVD: CNNVD-202007-1075 // 
            
            
            
            NVD: CVE-2020-3468

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanage-v78fubgv
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-3468
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3468
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2424/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47183
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181593 // 
            
            
            
            JVNDB: JVNDB-2020-008347 // 
            
            
            
            CNNVD: CNNVD-202007-1075 // 
            
            
            
            NVD: CVE-2020-3468

SOURCES
db:VULHUBid:VHN-181593
db:JVNDBid:JVNDB-2020-008347
db:CNNVDid:CNNVD-202007-1075
db:NVDid:CVE-2020-3468

LAST UPDATE DATE
2024-11-23T21:35:30.504000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181593date:2020-07-23T00:00:00
db:JVNDBid:JVNDB-2020-008347date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1075date:2020-07-24T00:00:00
db:NVDid:CVE-2020-3468date:2024-11-21T05:31:07.937

SOURCES RELEASE DATE
db:VULHUBid:VHN-181593date:2020-07-16T00:00:00
db:JVNDBid:JVNDB-2020-008347date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1075date:2020-07-15T00:00:00
db:NVDid:CVE-2020-3468date:2020-07-16T18:15:19.847