ID

VAR-202008-0814


CVE

CVE-2020-3448


TITLE

Missing authentication for critical functions vulnerability in Cisco Cyber Vision Center software

Trust: 0.8

sources: JVNDB: JVNDB-2020-009559

DESCRIPTION

A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device. The vulnerability is due to insufficient enforcement of access control in the software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow an attacker to impact monitoring of sensors that are managed by the software. The product supports functions such as a dynamic asset list and real-time network monitoring.

Trust: 1.71

sources: NVD: CVE-2020-3448 // JVNDB: JVNDB-2020-009559 // VULHUB: VHN-181573

AFFECTED PRODUCTS

vendor: cisco, model: cyber vision center, scope: lt, version: 3.0.4

Trust: 1.0

vendor: cisco, model: cyber vision center, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-009559 // NVD: CVE-2020-3448

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3448
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3448
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-009559
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-144
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181573
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3448
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009559
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181573
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3448
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3448
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-009559
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181573 // JVNDB: JVNDB-2020-009559 // CNNVD: CNNVD-202008-144 // NVD: CVE-2020-3448 // NVD: CVE-2020-3448

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

problemtype:CWE-284

Trust: 1.0

sources: VULHUB: VHN-181573 // JVNDB: JVNDB-2020-009559 // NVD: CVE-2020-3448

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-144

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202008-144

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009559

PATCH

title: cisco-sa-cvc-bypass-K99Cb2ff, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvc-bypass-K99Cb2ff

Trust: 0.8

title: Cisco Cyber Vision Center Software Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125485

Trust: 0.6

sources: JVNDB: JVNDB-2020-009559 // CNNVD: CNNVD-202008-144

EXTERNAL IDS

db: NVD, id: CVE-2020-3448

Trust: 2.5

db: JVNDB, id: JVNDB-2020-009559

Trust: 0.8

db: CNNVD, id: CNNVD-202008-144

Trust: 0.7

db: AUSCERT, id: ESB-2020.2701

Trust: 0.6

db: CNVD, id: CNVD-2020-47585

Trust: 0.1

db: VULHUB, id: VHN-181573

Trust: 0.1

sources: VULHUB: VHN-181573 // JVNDB: JVNDB-2020-009559 // CNNVD: CNNVD-202008-144 // NVD: CVE-2020-3448

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cvc-bypass-k99cb2ff

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3448

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3448

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2701/

Trust: 0.6

sources: VULHUB: VHN-181573 // JVNDB: JVNDB-2020-009559 // CNNVD: CNNVD-202008-144 // NVD: CVE-2020-3448

SOURCES

db: VULHUB, id: VHN-181573
db: JVNDB, id: JVNDB-2020-009559
db: CNNVD, id: CNNVD-202008-144
db: NVD, id: CVE-2020-3448

LAST UPDATE DATE

2024-08-14T15:28:04.034000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181573, date: 2020-08-20T00:00:00
db: JVNDB, id: JVNDB-2020-009559, date: 2020-11-13T07:06:36
db: CNNVD, id: CNNVD-202008-144, date: 2020-08-21T00:00:00
db: NVD, id: CVE-2020-3448, date: 2020-08-20T15:22:11.477

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181573, date: 2020-08-17T00:00:00
db: JVNDB, id: JVNDB-2020-009559, date: 2020-11-13T07:06:36
db: CNNVD, id: CNNVD-202008-144, date: 2020-08-05T00:00:00
db: NVD, id: CVE-2020-3448, date: 2020-08-17T18:15:13.383