ID

VAR-202010-1041


CVE

CVE-2020-3568


TITLE

Cisco AsyncOS Software input verification vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-012240

DESCRIPTION

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device. Cisco AsyncOS Software contains an input verification vulnerability. Information may be tampered with. AsyncOS Software is a set of operating systems running in it

Trust: 2.25

sources: NVD: CVE-2020-3568 // JVNDB: JVNDB-2020-012240 // CNVD: CNVD-2020-57579 // VULHUB: VHN-181693

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-57579

AFFECTED PRODUCTS

vendor: cisco, model: asyncos, scope: lte, version: 13.5.2

Trust: 1.0

vendor: シスコシステムズ, model: cisco asyncos, scope: eq, version: -

Trust: 0.8

vendor: cisco, model: email security appliance asyncos software, scope: lte, version: <=13.5.2

Trust: 0.6

sources: CNVD: CNVD-2020-57579 // JVNDB: JVNDB-2020-012240 // NVD: CVE-2020-3568

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3568
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3568
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3568
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-57579
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202010-231
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181693
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3568
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-57579
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-181693
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3568
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2020-3568
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-57579 // VULHUB: VHN-181693 // JVNDB: JVNDB-2020-012240 // CNNVD: CNNVD-202010-231 // NVD: CVE-2020-3568 // NVD: CVE-2020-3568

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype: Incorrect input confirmation (CWE-20) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-181693 // JVNDB: JVNDB-2020-012240 // NVD: CVE-2020-3568

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-231

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202010-231

PATCH

title: cisco-sa-esa-url-bypass-zZtugtg3
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-url-bypass-zZtugtg3

Trust: 0.8

title: Patch for Cisco Email Security Appliance URL filtering bypass vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/236893

Trust: 0.6

title: Cisco Email Security Appliance Enter the fix for the verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129860

Trust: 0.6

sources: CNVD: CNVD-2020-57579 // JVNDB: JVNDB-2020-012240 // CNNVD: CNNVD-202010-231

EXTERNAL IDS

db: NVD, id: CVE-2020-3568

Trust: 3.1

db: JVNDB, id: JVNDB-2020-012240

Trust: 0.8

db: CNVD, id: CNVD-2020-57579

Trust: 0.7

db: AUSCERT, id: ESB-2020.3484

Trust: 0.6

db: NSFOCUS, id: 50159

Trust: 0.6

db: CNNVD, id: CNNVD-202010-231

Trust: 0.6

db: VULHUB, id: VHN-181693

Trust: 0.1

sources: CNVD: CNVD-2020-57579 // VULHUB: VHN-181693 // JVNDB: JVNDB-2020-012240 // CNNVD: CNNVD-202010-231 // NVD: CVE-2020-3568

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-url-bypass-zztugtg3

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-3568

Trust: 2.0

url:https://vigilance.fr/vulnerability/cisco-esa-privilege-escalation-via-url-filtering-bypass-33501

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50159

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3484/

Trust: 0.6

sources: CNVD: CNVD-2020-57579 // VULHUB: VHN-181693 // JVNDB: JVNDB-2020-012240 // CNNVD: CNNVD-202010-231 // NVD: CVE-2020-3568

SOURCES

db: CNVD, id: CNVD-2020-57579
db: VULHUB, id: VHN-181693
db: JVNDB, id: JVNDB-2020-012240
db: CNNVD, id: CNNVD-202010-231
db: NVD, id: CVE-2020-3568

LAST UPDATE DATE

2024-11-23T23:04:14.481000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-57579, date: 2020-10-20T00:00:00
db: VULHUB, id: VHN-181693, date: 2021-10-19T00:00:00
db: JVNDB, id: JVNDB-2020-012240, date: 2021-04-27T06:50:00
db: CNNVD, id: CNNVD-202010-231, date: 2020-11-04T00:00:00
db: NVD, id: CVE-2020-3568, date: 2024-11-21T05:31:19.997

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-57579, date: 2020-10-20T00:00:00
db: VULHUB, id: VHN-181693, date: 2020-10-08T00:00:00
db: JVNDB, id: JVNDB-2020-012240, date: 2021-04-27T00:00:00
db: CNNVD, id: CNNVD-202010-231, date: 2020-10-08T00:00:00
db: NVD, id: CVE-2020-3568, date: 2020-10-08T05:15:15.383