ID

VAR-202011-1027


CVE

CVE-2020-3593


TITLE

Cisco SD-WAN Software permission management vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-013368

DESCRIPTION

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to a utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges. Cisco SD-WAN Software contains a vulnerability in privilege management. Information may be obtained or tampered with, and the system may be put into a denial-of-service (DoS) state. Cisco SD-WAN vManage is software from Cisco of the United States that provides software-defined networking functions, a form of network virtualization. Cisco SD-WAN vEdge is a router from Cisco of the United States. This device provides basic WAN, security and multi-cloud functions for Cisco SD-WAN solutions. Cisco SD-WAN Software has a privilege escalation vulnerability. The vulnerability stems from improper permission settings when the program executes the affected command.

Trust: 2.25

sources: NVD: CVE-2020-3593 // JVNDB: JVNDB-2020-013368 // CNVD: CNVD-2020-70852 // VULHUB: VHN-181718

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-70852

AFFECTED PRODUCTS

vendor: cisco | model: sd-wan | scope: lt | version: 20.1.2

Trust: 1.0

vendor: cisco | model: sd-wan | scope: gte | version: 20.3

Trust: 1.0

vendor: cisco | model: sd-wan | scope: lt | version: 20.3.1

Trust: 1.0

vendor: シスコシステムズ | model: cisco sd-wan | scope: eq | version: -

Trust: 0.8

vendor: cisco | model: sd-wan vmanage software | scope: - | version: -

Trust: 0.6

sources: CNVD: CNVD-2020-70852 // JVNDB: JVNDB-2020-013368 // NVD: CVE-2020-3593

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3593
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3593
value: HIGH

Trust: 1.0

NVD: CVE-2020-3593
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-70852
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202011-255
value: HIGH

Trust: 0.6

VULHUB: VHN-181718
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3593
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-70852
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-181718
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3593
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2020-3593
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-70852 // VULHUB: VHN-181718 // JVNDB: JVNDB-2020-013368 // CNNVD: CNNVD-202011-255 // NVD: CVE-2020-3593 // NVD: CVE-2020-3593

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:Improper authority management (CWE-269) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-181718 // JVNDB: JVNDB-2020-013368 // NVD: CVE-2020-3593

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-255

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-255

PATCH

title: cisco-sa-vepescm-BjgQm4vJ | url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepescm-BjgQm4vJ

Trust: 0.8

title: Patch for Cisco SD-WAN Software Privilege Escalation Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/241867

Trust: 0.6

title: Cisco SD-WAN vManage Software Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137105

Trust: 0.6

sources: CNVD: CNVD-2020-70852 // JVNDB: JVNDB-2020-013368 // CNNVD: CNNVD-202011-255

EXTERNAL IDS

db: NVD | id: CVE-2020-3593

Trust: 3.1

db: JVNDB | id: JVNDB-2020-013368

Trust: 0.8

db: CNVD | id: CNVD-2020-70852

Trust: 0.6

db: AUSCERT | id: ESB-2020.3813

Trust: 0.6

db: AUSCERT | id: ESB-2020.3813.2

Trust: 0.6

db: CNNVD | id: CNNVD-202011-255

Trust: 0.6

db: VULHUB | id: VHN-181718

Trust: 0.1

sources: CNVD: CNVD-2020-70852 // VULHUB: VHN-181718 // JVNDB: JVNDB-2020-013368 // CNNVD: CNNVD-202011-255 // NVD: CVE-2020-3593

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-3593

Trust: 2.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vepescm-bjgqm4vj

Trust: 1.7

url:https://www.auscert.org.au/bulletins/esb-2020.3813/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3813.2/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-privilege-escalation-via-request-33817

Trust: 0.6

sources: CNVD: CNVD-2020-70852 // VULHUB: VHN-181718 // JVNDB: JVNDB-2020-013368 // CNNVD: CNNVD-202011-255 // NVD: CVE-2020-3593

SOURCES

db: CNVD | id: CNVD-2020-70852
db: VULHUB | id: VHN-181718
db: JVNDB | id: JVNDB-2020-013368
db: CNNVD | id: CNNVD-202011-255
db: NVD | id: CVE-2020-3593

LAST UPDATE DATE

2024-08-14T13:24:04.181000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2020-70852 | date: 2020-12-11T00:00:00
db: VULHUB | id: VHN-181718 | date: 2020-11-20T00:00:00
db: JVNDB | id: JVNDB-2020-013368 | date: 2021-06-28T08:08:00
db: CNNVD | id: CNNVD-202011-255 | date: 2020-12-16T00:00:00
db: NVD | id: CVE-2020-3593 | date: 2023-11-07T03:22:58.890

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2020-70852 | date: 2020-12-11T00:00:00
db: VULHUB | id: VHN-181718 | date: 2020-11-06T00:00:00
db: JVNDB | id: JVNDB-2020-013368 | date: 2021-06-28T00:00:00
db: CNNVD | id: CNNVD-202011-255 | date: 2020-11-04T00:00:00
db: NVD | id: CVE-2020-3593 | date: 2020-11-06T19:15:15.407