Sign-up

ID

VAR-202008-0814


CVE

CVE-2020-3448


TITLE

Cisco Cyber Vision Center Vulnerability in lack of authentication for critical functions in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-009559

DESCRIPTION

A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device. The vulnerability is due to insufficient enforcement of access control in the software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow an attacker to impact monitoring of sensors that are managed by the software. The product supports functions such as dynamic asset list and real-time network monitoring

Trust: 1.71

sources: NVD: CVE-2020-3448 // JVNDB: JVNDB-2020-009559 // VULHUB: VHN-181573

AFFECTED PRODUCTS

vendor:ciscomodel:cyber vision centerscope:ltversion:3.0.4

Trust: 1.0

vendor:ciscomodel:cyber vision centerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-009559 // NVD: CVE-2020-3448

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3448
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3448
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-009559
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-144
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181573
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3448
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009559
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181573
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3448
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3448
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-009559
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181573 // JVNDB: JVNDB-2020-009559 // CNNVD: CNNVD-202008-144 // NVD: CVE-2020-3448 // NVD: CVE-2020-3448

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

problemtype:CWE-284

Trust: 1.0

sources: VULHUB: VHN-181573 // JVNDB: JVNDB-2020-009559 // NVD: CVE-2020-3448

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-144

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202008-144

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009559

PATCH
title:cisco-sa-cvc-bypass-K99Cb2ffurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvc-bypass-K99Cb2ff
Trust: 0.8
title:Cisco Cyber Vision Center Software Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125485
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-009559 // 
            
            
            
            CNNVD: CNNVD-202008-144

EXTERNAL IDS
db:NVDid:CVE-2020-3448
Trust: 2.5
db:JVNDBid:JVNDB-2020-009559
Trust: 0.8
db:CNNVDid:CNNVD-202008-144
Trust: 0.7
db:AUSCERTid:ESB-2020.2701
Trust: 0.6
db:CNVDid:CNVD-2020-47585
Trust: 0.1
db:VULHUBid:VHN-181573
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181573 // 
            
            
            
            JVNDB: JVNDB-2020-009559 // 
            
            
            
            CNNVD: CNNVD-202008-144 // 
            
            
            
            NVD: CVE-2020-3448

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cvc-bypass-k99cb2ff
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3448
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3448
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2701/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181573 // 
            
            
            
            JVNDB: JVNDB-2020-009559 // 
            
            
            
            CNNVD: CNNVD-202008-144 // 
            
            
            
            NVD: CVE-2020-3448

SOURCES
db:VULHUBid:VHN-181573
db:JVNDBid:JVNDB-2020-009559
db:CNNVDid:CNNVD-202008-144
db:NVDid:CVE-2020-3448

LAST UPDATE DATE
2024-08-14T15:28:04.034000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181573date:2020-08-20T00:00:00
db:JVNDBid:JVNDB-2020-009559date:2020-11-13T07:06:36
db:CNNVDid:CNNVD-202008-144date:2020-08-21T00:00:00
db:NVDid:CVE-2020-3448date:2020-08-20T15:22:11.477

SOURCES RELEASE DATE
db:VULHUBid:VHN-181573date:2020-08-17T00:00:00
db:JVNDBid:JVNDB-2020-009559date:2020-11-13T07:06:36
db:CNNVDid:CNNVD-202008-144date:2020-08-05T00:00:00
db:NVDid:CVE-2020-3448date:2020-08-17T18:15:13.383