ID

VAR-202011-1026


CVE

CVE-2020-3592


TITLE

Cisco SD-WAN vManage Software fraudulent authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-013367

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. This could allow the attacker to modify the configuration of an affected system. Cisco SD-WAN vManage Software contains a vulnerability related to unauthorized authentication. Information may be tampered with. The software is a form of network virtualization.

Trust: 1.71

sources: NVD: CVE-2020-3592 // JVNDB: JVNDB-2020-013367 // VULHUB: VHN-181717

AFFECTED PRODUCTS

vendor: cisco, model: catalyst sd-wan manager, scope: eq, version: 20.3.1

Trust: 1.0

vendor: cisco, model: sd-wan vmanage, scope: lte, version: 20.1.12

Trust: 1.0

vendor: シスコシステムズ, model: cisco sd-wan vmanage, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013367 // NVD: CVE-2020-3592

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3592
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3592
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3592
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202011-323
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181717
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3592
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-181717
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3592
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2020-3592
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181717 // JVNDB: JVNDB-2020-013367 // CNNVD: CNNVD-202011-323 // NVD: CVE-2020-3592 // NVD: CVE-2020-3592

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.1

problemtype:CWE-284

Trust: 1.0

problemtype:Bad authentication (CWE-863) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-181717 // JVNDB: JVNDB-2020-013367 // NVD: CVE-2020-3592

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-323

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202011-323

PATCH

title: cisco-sa-vmanuafw-ZHkdGGEy, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanuafw-ZHkdGGEy

Trust: 0.8

title: Cisco SD-WAN vManage Software Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132756

Trust: 0.6

sources: JVNDB: JVNDB-2020-013367 // CNNVD: CNNVD-202011-323

EXTERNAL IDS

db: NVD, id: CVE-2020-3592

Trust: 2.5

db: JVNDB, id: JVNDB-2020-013367

Trust: 0.8

db: CNNVD, id: CNNVD-202011-323

Trust: 0.7

db: AUSCERT, id: ESB-2020.3816

Trust: 0.6

db: VULHUB, id: VHN-181717

Trust: 0.1

sources: VULHUB: VHN-181717 // JVNDB: JVNDB-2020-013367 // CNNVD: CNNVD-202011-323 // NVD: CVE-2020-3592

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanuafw-zhkdggey

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3592

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3816/

Trust: 0.6

sources: VULHUB: VHN-181717 // JVNDB: JVNDB-2020-013367 // CNNVD: CNNVD-202011-323 // NVD: CVE-2020-3592

SOURCES

db: VULHUB, id: VHN-181717
db: JVNDB, id: JVNDB-2020-013367
db: CNNVD, id: CNNVD-202011-323
db: NVD, id: CVE-2020-3592

LAST UPDATE DATE

2024-08-14T14:03:26.089000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181717, date: 2020-11-20T00:00:00
db: JVNDB, id: JVNDB-2020-013367, date: 2021-06-28T08:08:00
db: CNNVD, id: CNNVD-202011-323, date: 2020-11-24T00:00:00
db: NVD, id: CVE-2020-3592, date: 2023-11-07T03:22:58.710

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181717, date: 2020-11-06T00:00:00
db: JVNDB, id: JVNDB-2020-013367, date: 2021-06-28T00:00:00
db: CNNVD, id: CNNVD-202011-323, date: 2020-11-04T00:00:00
db: NVD, id: CVE-2020-3592, date: 2020-11-06T19:15:15.330