ID

VAR-202011-1028


CVE

CVE-2020-3594


TITLE

Cisco SD-WAN Software permission management vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-013369

DESCRIPTION

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted options to a specific command. A successful exploit could allow the attacker to gain root privileges. Cisco SD-WAN Software contains a privilege management vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Cisco SD-WAN vEdge is a router from Cisco. The appliance provides basic WAN, security and multi-cloud capabilities for Cisco SD-WAN solutions.

Trust: 1.71

sources: NVD: CVE-2020-3594 // JVNDB: JVNDB-2020-013369 // VULHUB: VHN-181719

AFFECTED PRODUCTS

vendor: cisco, model: sd-wan, scope: lt, version: 20.1.2

Trust: 1.0

vendor: cisco, model: sd-wan, scope: lt, version: 20.3.2

Trust: 1.0

vendor: cisco, model: sd-wan, scope: gte, version: 20.3

Trust: 1.0

vendor: Cisco Systems, model: cisco sd-wan, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013369 // NVD: CVE-2020-3594

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-3594
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3594
value: HIGH

Trust: 1.0

NVD: CVE-2020-3594
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202011-257
value: HIGH

Trust: 0.6

VULHUB: VHN-181719
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-3594
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-181719
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-3594
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2020-3594
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181719 // JVNDB: JVNDB-2020-013369 // CNNVD: CNNVD-202011-257 // NVD: CVE-2020-3594 // NVD: CVE-2020-3594

PROBLEMTYPE DATA

problemtype: CWE-269

Trust: 1.1

problemtype: Improper authority management (CWE-269) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-181719 // JVNDB: JVNDB-2020-013369 // NVD: CVE-2020-3594

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-257

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-257

PATCH

title: cisco-sa-vepestd-8C3J9Vc, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepestd-8C3J9Vc

Trust: 0.8

title: Cisco SD-WAN vEdge Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132717

Trust: 0.6

sources: JVNDB: JVNDB-2020-013369 // CNNVD: CNNVD-202011-257

EXTERNAL IDS

db: NVD, id: CVE-2020-3594

Trust: 2.5

db: JVNDB, id: JVNDB-2020-013369

Trust: 0.8

db: AUSCERT, id: ESB-2020.3813

Trust: 0.6

db: AUSCERT, id: ESB-2020.3813.2

Trust: 0.6

db: CNNVD, id: CNNVD-202011-257

Trust: 0.6

db: VULHUB, id: VHN-181719

Trust: 0.1

sources: VULHUB: VHN-181719 // JVNDB: JVNDB-2020-013369 // CNNVD: CNNVD-202011-257 // NVD: CVE-2020-3594

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vepestd-8c3j9vc

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-3594

Trust: 1.4

url: https://www.auscert.org.au/bulletins/esb-2020.3813/

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.3813.2/

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-privilege-escalation-via-command-options-33819

Trust: 0.6

sources: VULHUB: VHN-181719 // JVNDB: JVNDB-2020-013369 // CNNVD: CNNVD-202011-257 // NVD: CVE-2020-3594

SOURCES

db: VULHUB, id: VHN-181719
db: JVNDB, id: JVNDB-2020-013369
db: CNNVD, id: CNNVD-202011-257
db: NVD, id: CVE-2020-3594

LAST UPDATE DATE

2024-08-14T13:24:04.087000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181719, date: 2020-11-20T00:00:00
db: JVNDB, id: JVNDB-2020-013369, date: 2021-06-28T08:08:00
db: CNNVD, id: CNNVD-202011-257, date: 2020-12-16T00:00:00
db: NVD, id: CVE-2020-3594, date: 2023-11-07T03:22:59.053

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181719, date: 2020-11-06T00:00:00
db: JVNDB, id: JVNDB-2020-013369, date: 2021-06-28T00:00:00
db: CNNVD, id: CNNVD-202011-257, date: 2020-11-04T00:00:00
db: NVD, id: CVE-2020-3594, date: 2020-11-06T19:15:15.487