ID

VAR-202010-1029


CVE

CVE-2020-3467


TITLE

Cisco Identity Services Engine Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2020-012236

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. The vulnerability is due to improper enforcement of role-based access control (RBAC) within the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to modify parts of the configuration. The modified configuration could either allow unauthorized devices onto the network or prevent authorized devices from accessing the network. To exploit this vulnerability, an attacker would need valid Read-Only Administrator credentials. Cisco Identity Services Engine (ISE) contains an improper authentication vulnerability. It may be put into a denial of service (DoS) state. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.

Trust: 1.71

sources: NVD: CVE-2020-3467 // JVNDB: JVNDB-2020-012236 // VULHUB: VHN-181592

AFFECTED PRODUCTS

vendor: cisco // model: identity services engine // scope: eq // version: 2.7(0.356)

Trust: 1.0

vendor: cisco // model: identity services engine // scope: lte // version: 2.4

Trust: 1.0

vendor: cisco // model: identity services engine // scope: eq // version: 2.7

Trust: 1.0

vendor: cisco // model: identity services engine // scope: eq // version: 2.7.0.356

Trust: 1.0

vendor: cisco // model: identity services engine // scope: eq // version: 2.6.0

Trust: 1.0

vendor: cisco // model: identity services engine // scope: eq // version: 2.5

Trust: 1.0

vendor: cisco // model: identity services engine // scope: eq // version: 2.6.0.156

Trust: 1.0

vendor: cisco // model: identity services engine // scope: eq // version: 2.6(0.156)

Trust: 1.0

vendor: cisco // model: identity services engine // scope: eq // version: 2.4.0.357

Trust: 1.0

vendor: cisco // model: identity services engine // scope: eq // version: 2.4(0.357)

Trust: 1.0

vendor: Cisco Systems // model: cisco identity services engine software // scope: eq // version: -

Trust: 0.8

vendor: Cisco Systems // model: cisco identity services engine software // scope: eq // version: cisco identity services engine software

Trust: 0.8

sources: JVNDB: JVNDB-2020-012236 // NVD: CVE-2020-3467

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3467
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3467
value: HIGH

Trust: 1.0

NVD: CVE-2020-3467
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-234
value: HIGH

Trust: 0.6

VULHUB: VHN-181592
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3467
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-181592
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2020-3467
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-3467
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-181592 // JVNDB: JVNDB-2020-012236 // CNNVD: CNNVD-202010-234 // NVD: CVE-2020-3467 // NVD: CVE-2020-3467

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.1

problemtype:Bad authentication (CWE-863) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-181592 // JVNDB: JVNDB-2020-012236 // NVD: CVE-2020-3467

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-234

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-234

PATCH

title: cisco-sa-ise-auth-bypass-uJWqLTZM // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-uJWqLTZM

Trust: 0.8

title: Cisco Identity Services Engine Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129863

Trust: 0.6

sources: JVNDB: JVNDB-2020-012236 // CNNVD: CNNVD-202010-234

EXTERNAL IDS

db: NVD // id: CVE-2020-3467

Trust: 2.5

db: JVNDB // id: JVNDB-2020-012236

Trust: 0.8

db: AUSCERT // id: ESB-2020.3481

Trust: 0.6

db: NSFOCUS // id: 50138

Trust: 0.6

db: CNNVD // id: CNNVD-202010-234

Trust: 0.6

db: CNVD // id: CNVD-2020-56457

Trust: 0.1

db: VULHUB // id: VHN-181592

Trust: 0.1

sources: VULHUB: VHN-181592 // JVNDB: JVNDB-2020-012236 // CNNVD: CNNVD-202010-234 // NVD: CVE-2020-3467

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-auth-bypass-ujwqltzm

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-3467

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3481/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50138

Trust: 0.6

sources: VULHUB: VHN-181592 // JVNDB: JVNDB-2020-012236 // CNNVD: CNNVD-202010-234 // NVD: CVE-2020-3467

SOURCES

db: VULHUB // id: VHN-181592
db: JVNDB // id: JVNDB-2020-012236
db: CNNVD // id: CNNVD-202010-234
db: NVD // id: CVE-2020-3467

LAST UPDATE DATE

2024-08-14T13:43:49.826000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-181592 // date: 2020-10-16T00:00:00
db: JVNDB // id: JVNDB-2020-012236 // date: 2021-04-27T06:50:00
db: CNNVD // id: CNNVD-202010-234 // date: 2020-11-04T00:00:00
db: NVD // id: CVE-2020-3467 // date: 2020-10-16T16:16:27.810

SOURCES RELEASE DATE

db: VULHUB // id: VHN-181592 // date: 2020-10-08T00:00:00
db: JVNDB // id: JVNDB-2020-012236 // date: 2021-04-27T00:00:00
db: CNNVD // id: CNNVD-202010-234 // date: 2020-10-08T00:00:00
db: NVD // id: CVE-2020-3467 // date: 2020-10-08T05:15:14.663