ID

VAR-202011-1026


CVE

CVE-2020-3592


TITLE

Cisco SD-WAN vManage  Software fraudulent authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-013367

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. This could allow the attacker to modify the configuration of an affected system. Cisco SD-WAN vManage The software contains a vulnerability related to unauthorized authentication.Information may be tampered with. The software is a form of network virtualization

Trust: 1.71

sources: NVD: CVE-2020-3592 // JVNDB: JVNDB-2020-013367 // VULHUB: VHN-181717

AFFECTED PRODUCTS

vendor:ciscomodel:sd-wan vmanagescope:lteversion:20.1.12

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:20.3.1

Trust: 1.0

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013367 // NVD: CVE-2020-3592

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3592
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3592
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3592
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202011-323
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181717
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3592
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-181717
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3592
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2020-3592
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181717 // JVNDB: JVNDB-2020-013367 // CNNVD: CNNVD-202011-323 // NVD: CVE-2020-3592 // NVD: CVE-2020-3592

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.1

problemtype:CWE-284

Trust: 1.0

problemtype:Bad authentication (CWE-863) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-181717 // JVNDB: JVNDB-2020-013367 // NVD: CVE-2020-3592

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-323

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202011-323

PATCH

title:cisco-sa-vmanuafw-ZHkdGGEyurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanuafw-ZHkdGGEy

Trust: 0.8

title:Cisco SD-WAN vManage Software Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132756

Trust: 0.6

sources: JVNDB: JVNDB-2020-013367 // CNNVD: CNNVD-202011-323

EXTERNAL IDS

db:NVDid:CVE-2020-3592

Trust: 2.5

db:JVNDBid:JVNDB-2020-013367

Trust: 0.8

db:CNNVDid:CNNVD-202011-323

Trust: 0.7

db:AUSCERTid:ESB-2020.3816

Trust: 0.6

db:VULHUBid:VHN-181717

Trust: 0.1

sources: VULHUB: VHN-181717 // JVNDB: JVNDB-2020-013367 // CNNVD: CNNVD-202011-323 // NVD: CVE-2020-3592

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanuafw-zhkdggey

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3592

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3816/

Trust: 0.6

sources: VULHUB: VHN-181717 // JVNDB: JVNDB-2020-013367 // CNNVD: CNNVD-202011-323 // NVD: CVE-2020-3592

SOURCES

db:VULHUBid:VHN-181717
db:JVNDBid:JVNDB-2020-013367
db:CNNVDid:CNNVD-202011-323
db:NVDid:CVE-2020-3592

LAST UPDATE DATE

2024-11-23T21:35:02.977000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-181717date:2020-11-20T00:00:00
db:JVNDBid:JVNDB-2020-013367date:2021-06-28T08:08:00
db:CNNVDid:CNNVD-202011-323date:2020-11-24T00:00:00
db:NVDid:CVE-2020-3592date:2024-11-21T05:31:22.510

SOURCES RELEASE DATE

db:VULHUBid:VHN-181717date:2020-11-06T00:00:00
db:JVNDBid:JVNDB-2020-013367date:2021-06-28T00:00:00
db:CNNVDid:CNNVD-202011-323date:2020-11-04T00:00:00
db:NVDid:CVE-2020-3592date:2020-11-06T19:15:15.330