ID

VAR-202011-1338


CVE

CVE-2020-3600


TITLE

Cisco SD-WAN  Software permission management vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-013371

DESCRIPTION

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient security controls on the CLI. An attacker could exploit this vulnerability by using an affected CLI utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges. Cisco SD-WAN The software contains a vulnerability in privilege management.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco SD-WAN vEdge is a router from Cisco. The appliance provides basic WAN, security and multi-cloud capabilities for Cisco SD-WAN solutions. Attackers can bypass restrictions through Cisco SD-WAN vEdge's CLI utility to elevate their privileges

Trust: 1.71

sources: NVD: CVE-2020-3600 // JVNDB: JVNDB-2020-013371 // VULHUB: VHN-181725

AFFECTED PRODUCTS

vendor:ciscomodel:sd-wanscope:ltversion:20.1.2

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:20.3.2

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:20.3

Trust: 1.0

vendor:シスコシステムズmodel:cisco sd-wanscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-013371 // NVD: CVE-2020-3600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3600
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3600
value: HIGH

Trust: 1.0

NVD: CVE-2020-3600
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202011-260
value: HIGH

Trust: 0.6

VULHUB: VHN-181725
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3600
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-181725
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3600
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2020-3600
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181725 // JVNDB: JVNDB-2020-013371 // CNNVD: CNNVD-202011-260 // NVD: CVE-2020-3600 // NVD: CVE-2020-3600

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-863

Trust: 1.1

problemtype:Improper authority management (CWE-269) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-181725 // JVNDB: JVNDB-2020-013371 // NVD: CVE-2020-3600

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-260

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-260

PATCH

title:cisco-sa-vepeshlg-tJghOQcAurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepeshlg-tJghOQcA

Trust: 0.8

title:Cisco SD-WAN vEdge Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137106

Trust: 0.6

sources: JVNDB: JVNDB-2020-013371 // CNNVD: CNNVD-202011-260

EXTERNAL IDS

db:NVDid:CVE-2020-3600

Trust: 2.5

db:JVNDBid:JVNDB-2020-013371

Trust: 0.8

db:AUSCERTid:ESB-2020.3813

Trust: 0.6

db:AUSCERTid:ESB-2020.3813.2

Trust: 0.6

db:CNNVDid:CNNVD-202011-260

Trust: 0.6

db:VULHUBid:VHN-181725

Trust: 0.1

sources: VULHUB: VHN-181725 // JVNDB: JVNDB-2020-013371 // CNNVD: CNNVD-202011-260 // NVD: CVE-2020-3600

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vepeshlg-tjghoqca

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3600

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3813/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3813.2/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-privilege-escalation-via-cli-utility-33818

Trust: 0.6

sources: VULHUB: VHN-181725 // JVNDB: JVNDB-2020-013371 // CNNVD: CNNVD-202011-260 // NVD: CVE-2020-3600

SOURCES

db:VULHUBid:VHN-181725
db:JVNDBid:JVNDB-2020-013371
db:CNNVDid:CNNVD-202011-260
db:NVDid:CVE-2020-3600

LAST UPDATE DATE

2024-08-14T13:24:04.063000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-181725date:2021-10-19T00:00:00
db:JVNDBid:JVNDB-2020-013371date:2021-06-28T08:08:00
db:CNNVDid:CNNVD-202011-260date:2021-10-20T00:00:00
db:NVDid:CVE-2020-3600date:2023-11-07T03:23:00.127

SOURCES RELEASE DATE

db:VULHUBid:VHN-181725date:2020-11-06T00:00:00
db:JVNDBid:JVNDB-2020-013371date:2021-06-28T00:00:00
db:CNNVDid:CNNVD-202011-260date:2020-11-04T00:00:00
db:NVDid:CVE-2020-3600date:2020-11-06T19:15:15.627