Details of VAR-202011-1027

ID

VAR-202011-1027

CVE

CVE-2020-3593

TITLE

Cisco SD-WAN Software permission management vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-013368

DESCRIPTION

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to a utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges. Cisco SD-WAN The software contains a vulnerability in privilege management.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco SD-WAN vManage is a software provided by Cisco in the United States that provides software-defined network functions. This software is a way of network virtualization. Cisco SD-WAN vEdge is a router from Cisco of the United States. This device can provide basic WAN, security and multi-cloud functions for Cisco SD-WAN solutions. Cisco SD-WAN Software has a privilege escalation vulnerability. The vulnerability stems from improper permission settings when the program executes the affected command

Trust: 2.25

sources: NVD: CVE-2020-3593 // JVNDB: JVNDB-2020-013368 // CNVD: CNVD-2020-70852 // VULHUB: VHN-181718

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-70852

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.1.2	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.3.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	eq	version:	-	Trust: 0.8
vendor:	cisco	model:	sd-wan vmanage software	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-70852 // JVNDB: JVNDB-2020-013368 // NVD: CVE-2020-3593

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3593
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3593
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-3593
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-70852
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202011-255
value:	HIGH
Trust: 0.6
VULHUB:	VHN-181718
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-3593
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-70852
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-181718
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3593
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2020-3593
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-70852 // VULHUB: VHN-181718 // JVNDB: JVNDB-2020-013368 // CNNVD: CNNVD-202011-255 // NVD: CVE-2020-3593 // NVD: CVE-2020-3593

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.1
problemtype:	Improper authority management (CWE-269) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-181718 // JVNDB: JVNDB-2020-013368 // NVD: CVE-2020-3593

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-255

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-255

PATCH

title:	cisco-sa-vepescm-BjgQm4vJ	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepescm-BjgQm4vJ	Trust: 0.8
title:	Patch for Cisco SD-WAN Software Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/241867	Trust: 0.6
title:	Cisco SD-WAN vManage Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137105	Trust: 0.6

sources: CNVD: CNVD-2020-70852 // JVNDB: JVNDB-2020-013368 // CNNVD: CNNVD-202011-255

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3593	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-013368	Trust: 0.8
db:	CNVD	id:	CNVD-2020-70852	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3813	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3813.2	Trust: 0.6
db:	CNNVD	id:	CNNVD-202011-255	Trust: 0.6
db:	VULHUB	id:	VHN-181718	Trust: 0.1

sources: CNVD: CNVD-2020-70852 // VULHUB: VHN-181718 // JVNDB: JVNDB-2020-013368 // CNNVD: CNNVD-202011-255 // NVD: CVE-2020-3593

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-3593	Trust: 2.0
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vepescm-bjgqm4vj	Trust: 1.7
url:	https://www.auscert.org.au/bulletins/esb-2020.3813/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3813.2/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-privilege-escalation-via-request-33817	Trust: 0.6

sources: CNVD: CNVD-2020-70852 // VULHUB: VHN-181718 // JVNDB: JVNDB-2020-013368 // CNNVD: CNNVD-202011-255 // NVD: CVE-2020-3593

SOURCES

db:	CNVD	id:	CNVD-2020-70852
db:	VULHUB	id:	VHN-181718
db:	JVNDB	id:	JVNDB-2020-013368
db:	CNNVD	id:	CNNVD-202011-255
db:	NVD	id:	CVE-2020-3593

LAST UPDATE DATE

2024-08-14T13:24:04.181000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-70852	date:	2020-12-11T00:00:00
db:	VULHUB	id:	VHN-181718	date:	2020-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-013368	date:	2021-06-28T08:08:00
db:	CNNVD	id:	CNNVD-202011-255	date:	2020-12-16T00:00:00
db:	NVD	id:	CVE-2020-3593	date:	2023-11-07T03:22:58.890

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-70852	date:	2020-12-11T00:00:00
db:	VULHUB	id:	VHN-181718	date:	2020-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-013368	date:	2021-06-28T00:00:00
db:	CNNVD	id:	CNNVD-202011-255	date:	2020-11-04T00:00:00
db:	NVD	id:	CVE-2020-3593	date:	2020-11-06T19:15:15.407