Details of VAR-202011-1028

ID

VAR-202011-1028

CVE

CVE-2020-3594

TITLE

Cisco SD-WAN Software permission management vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-013369

DESCRIPTION

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted options to a specific command. A successful exploit could allow the attacker to gain root privileges. Cisco SD-WAN The software contains a vulnerability in privilege management.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco SD-WAN vEdge is a router from Cisco. The appliance provides basic WAN, security and multi-cloud capabilities for Cisco SD-WAN solutions

Trust: 1.71

sources: NVD: CVE-2020-3594 // JVNDB: JVNDB-2020-013369 // VULHUB: VHN-181719

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.1.2	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.3.2	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	gte	version:	20.3	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013369 // NVD: CVE-2020-3594

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3594
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3594
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-3594
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202011-257
value:	HIGH
Trust: 0.6
VULHUB:	VHN-181719
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-3594
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-181719
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3594
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2020-3594
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181719 // JVNDB: JVNDB-2020-013369 // CNNVD: CNNVD-202011-257 // NVD: CVE-2020-3594 // NVD: CVE-2020-3594

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.1
problemtype:	Improper authority management (CWE-269) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-181719 // JVNDB: JVNDB-2020-013369 // NVD: CVE-2020-3594

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-257

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-257

PATCH

title:	cisco-sa-vepestd-8C3J9Vc	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepestd-8C3J9Vc	Trust: 0.8
title:	Cisco SD-WAN vEdge Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132717	Trust: 0.6

sources: JVNDB: JVNDB-2020-013369 // CNNVD: CNNVD-202011-257

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3594	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013369	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.3813	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3813.2	Trust: 0.6
db:	CNNVD	id:	CNNVD-202011-257	Trust: 0.6
db:	VULHUB	id:	VHN-181719	Trust: 0.1

sources: VULHUB: VHN-181719 // JVNDB: JVNDB-2020-013369 // CNNVD: CNNVD-202011-257 // NVD: CVE-2020-3594

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vepestd-8c3j9vc	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3594	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3813/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3813.2/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-privilege-escalation-via-command-options-33819	Trust: 0.6

sources: VULHUB: VHN-181719 // JVNDB: JVNDB-2020-013369 // CNNVD: CNNVD-202011-257 // NVD: CVE-2020-3594

SOURCES

db:	VULHUB	id:	VHN-181719
db:	JVNDB	id:	JVNDB-2020-013369
db:	CNNVD	id:	CNNVD-202011-257
db:	NVD	id:	CVE-2020-3594

LAST UPDATE DATE

2024-08-14T13:24:04.087000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181719	date:	2020-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-013369	date:	2021-06-28T08:08:00
db:	CNNVD	id:	CNNVD-202011-257	date:	2020-12-16T00:00:00
db:	NVD	id:	CVE-2020-3594	date:	2023-11-07T03:22:59.053

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181719	date:	2020-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-013369	date:	2021-06-28T00:00:00
db:	CNNVD	id:	CNNVD-202011-257	date:	2020-11-04T00:00:00
db:	NVD	id:	CVE-2020-3594	date:	2020-11-06T19:15:15.487