ID

VAR-202011-0734


CVE

CVE-2020-27129


TITLE

Cisco SD-WAN vManage Software Argument Insertion or Modification Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013393

DESCRIPTION

A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the affected application. An attacker could exploit this vulnerability by sending malicious requests to the affected application. A successful exploit could allow the attacker to inject arbitrary commands and potentially gain elevated privileges. Cisco SD-WAN vManage Software is vulnerable to argument insertion or modification. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Cisco® SD-WAN vManage is software from Cisco that provides software-defined network functions. The software is a form of network virtualization.

Trust: 1.71

sources: NVD: CVE-2020-27129 // JVNDB: JVNDB-2020-013393 // VULHUB: VHN-370505

AFFECTED PRODUCTS

vendor: cisco, model: sd-wan vmanage, scope: lt, version: 20.3.1

Trust: 1.0

vendor: Cisco Systems, model: cisco sd-wan, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013393 // NVD: CVE-2020-27129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27129
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-27129
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-27129
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202011-320
value: MEDIUM

Trust: 0.6

VULHUB: VHN-370505
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-27129
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-370505
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-27129
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2020-27129
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-370505 // JVNDB: JVNDB-2020-013393 // CNNVD: CNNVD-202011-320 // NVD: CVE-2020-27129 // NVD: CVE-2020-27129

PROBLEMTYPE DATA

problemtype:CWE-88

Trust: 1.1

problemtype: Insert or change arguments (CWE-88) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-370505 // JVNDB: JVNDB-2020-013393 // NVD: CVE-2020-27129

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-320

TYPE

parameter injection

Trust: 0.6

sources: CNNVD: CNNVD-202011-320

PATCH

title: cisco-sa-vmanage-privilege-zPmMf73k, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-privilege-zPmMf73k

Trust: 0.8

title: Cisco SD-WAN vManage Software Repair measures for parameter injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132755

Trust: 0.6

sources: JVNDB: JVNDB-2020-013393 // CNNVD: CNNVD-202011-320

EXTERNAL IDS

db: NVD, id: CVE-2020-27129

Trust: 2.5

db: JVNDB, id: JVNDB-2020-013393

Trust: 0.8

db: CNNVD, id: CNNVD-202011-320

Trust: 0.7

db: AUSCERT, id: ESB-2020.3816

Trust: 0.6

db: CNVD, id: CNVD-2020-61949

Trust: 0.1

db: VULHUB, id: VHN-370505

Trust: 0.1

sources: VULHUB: VHN-370505 // JVNDB: JVNDB-2020-013393 // CNNVD: CNNVD-202011-320 // NVD: CVE-2020-27129

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanage-privilege-zpmmf73k

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-27129

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3816/

Trust: 0.6

sources: VULHUB: VHN-370505 // JVNDB: JVNDB-2020-013393 // CNNVD: CNNVD-202011-320 // NVD: CVE-2020-27129

SOURCES

db: VULHUB, id: VHN-370505
db: JVNDB, id: JVNDB-2020-013393
db: CNNVD, id: CNNVD-202011-320
db: NVD, id: CVE-2020-27129

LAST UPDATE DATE

2024-11-23T21:35:02.923000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-370505, date: 2020-11-24T00:00:00
db: JVNDB, id: JVNDB-2020-013393, date: 2021-06-29T08:35:00
db: CNNVD, id: CNNVD-202011-320, date: 2020-11-24T00:00:00
db: NVD, id: CVE-2020-27129, date: 2024-11-21T05:20:46.033

SOURCES RELEASE DATE

db: VULHUB, id: VHN-370505, date: 2020-11-06T00:00:00
db: JVNDB, id: JVNDB-2020-013393, date: 2021-06-29T00:00:00
db: CNNVD, id: CNNVD-202011-320, date: 2020-11-04T00:00:00
db: NVD, id: CVE-2020-27129, date: 2020-11-06T19:15:13.783