ID

VAR-202009-1109


CVE

CVE-2020-3130


TITLE

Cisco Unity Connection input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-011571

DESCRIPTION

A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system. Valid administrator credentials are required to access the system. Cisco Unity Connection contains an input validation vulnerability. Information may be tampered with, and the system may be put into a denial-of-service (DoS) state. Cisco Unity Connection (UC) is a voice messaging platform from Cisco. The platform can use voice commands to make calls or listen to messages hands-free. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories.

Trust: 1.71

sources: NVD: CVE-2020-3130 // JVNDB: JVNDB-2020-011571 // VULHUB: VHN-181255

AFFECTED PRODUCTS

vendor: cisco, model: unity connection, scope: gte, version: 11.0

Trust: 1.0

vendor: cisco, model: unity connection, scope: gte, version: 12.0

Trust: 1.0

vendor: cisco, model: unity connection, scope: lt, version: 12.5su2

Trust: 1.0

vendor: cisco, model: unity connection, scope: lt, version: 11.5su7

Trust: 1.0

vendor: シスコシステムズ, model: cisco unity connection, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-011571 // NVD: CVE-2020-3130

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3130
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3130
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3130
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202001-1397
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181255
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3130
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-181255
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3130
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3130
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 5.2
version: 3.0

Trust: 1.0

NVD: CVE-2020-3130
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181255 // JVNDB: JVNDB-2020-011571 // CNNVD: CNNVD-202001-1397 // NVD: CVE-2020-3130 // NVD: CVE-2020-3130

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-22

Trust: 1.0

problemtype:Incorrect input validation (CWE-20) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-181255 // JVNDB: JVNDB-2020-011571 // NVD: CVE-2020-3130

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-1397

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-1397

PATCH

title: cisco-sa-cuc-dirtrv-M9HpnME4, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-dirtrv-M9HpnME4

Trust: 0.8

title: Cisco Unity Connection Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107740

Trust: 0.6

sources: JVNDB: JVNDB-2020-011571 // CNNVD: CNNVD-202001-1397

EXTERNAL IDS

db: NVD, id: CVE-2020-3130

Trust: 2.5

db: JVNDB, id: JVNDB-2020-011571

Trust: 0.8

db: CNNVD, id: CNNVD-202001-1397

Trust: 0.7

db: AUSCERT, id: ESB-2020.0278

Trust: 0.6

db: CNVD, id: CNVD-2020-04829

Trust: 0.1

db: VULHUB, id: VHN-181255

Trust: 0.1

sources: VULHUB: VHN-181255 // JVNDB: JVNDB-2020-011571 // CNNVD: CNNVD-202001-1397 // NVD: CVE-2020-3130

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cuc-dirtrv-m9hpnme4

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-3130

Trust: 1.4

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200122-uc-xss

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-unity-directory-traversal-33396

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0278/

Trust: 0.6

sources: VULHUB: VHN-181255 // JVNDB: JVNDB-2020-011571 // CNNVD: CNNVD-202001-1397 // NVD: CVE-2020-3130

SOURCES

db: VULHUB, id: VHN-181255
db: JVNDB, id: JVNDB-2020-011571
db: CNNVD, id: CNNVD-202001-1397
db: NVD, id: CVE-2020-3130

LAST UPDATE DATE

2024-08-14T14:25:38.768000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181255, date: 2021-08-12T00:00:00
db: JVNDB, id: JVNDB-2020-011571, date: 2021-04-06T09:06:00
db: CNNVD, id: CNNVD-202001-1397, date: 2021-08-17T00:00:00
db: NVD, id: CVE-2020-3130, date: 2021-08-12T18:19:58.870

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181255, date: 2020-09-23T00:00:00
db: JVNDB, id: JVNDB-2020-011571, date: 2021-04-06T00:00:00
db: CNNVD, id: CNNVD-202001-1397, date: 2020-01-22T00:00:00
db: NVD, id: CVE-2020-3130, date: 2020-09-23T01:15:15.067