Details of VAR-202011-1338

ID

VAR-202011-1338

CVE

CVE-2020-3600

TITLE

Cisco SD-WAN Software permission management vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-013371

DESCRIPTION

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient security controls on the CLI. An attacker could exploit this vulnerability by using an affected CLI utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges. Cisco SD-WAN The software contains a vulnerability in privilege management.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco SD-WAN vEdge is a router from Cisco. The appliance provides basic WAN, security and multi-cloud capabilities for Cisco SD-WAN solutions. Attackers can bypass restrictions through Cisco SD-WAN vEdge's CLI utility to elevate their privileges

Trust: 1.71

sources: NVD: CVE-2020-3600 // JVNDB: JVNDB-2020-013371 // VULHUB: VHN-181725

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.1.2	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.3.2	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	gte	version:	20.3	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013371 // NVD: CVE-2020-3600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3600
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3600
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-3600
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202011-260
value:	HIGH
Trust: 0.6
VULHUB:	VHN-181725
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-3600
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-181725
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3600
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2020-3600
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181725 // JVNDB: JVNDB-2020-013371 // CNNVD: CNNVD-202011-260 // NVD: CVE-2020-3600 // NVD: CVE-2020-3600

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.1
problemtype:	CWE-863	Trust: 1.1
problemtype:	Improper authority management (CWE-269) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-181725 // JVNDB: JVNDB-2020-013371 // NVD: CVE-2020-3600

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-260

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-260

PATCH

title:	cisco-sa-vepeshlg-tJghOQcA	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepeshlg-tJghOQcA	Trust: 0.8
title:	Cisco SD-WAN vEdge Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137106	Trust: 0.6

sources: JVNDB: JVNDB-2020-013371 // CNNVD: CNNVD-202011-260

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3600	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-013371	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.3813	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3813.2	Trust: 0.6
db:	CNNVD	id:	CNNVD-202011-260	Trust: 0.6
db:	VULHUB	id:	VHN-181725	Trust: 0.1

sources: VULHUB: VHN-181725 // JVNDB: JVNDB-2020-013371 // CNNVD: CNNVD-202011-260 // NVD: CVE-2020-3600

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vepeshlg-tjghoqca	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3600	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3813/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3813.2/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-privilege-escalation-via-cli-utility-33818	Trust: 0.6

sources: VULHUB: VHN-181725 // JVNDB: JVNDB-2020-013371 // CNNVD: CNNVD-202011-260 // NVD: CVE-2020-3600

SOURCES

db:	VULHUB	id:	VHN-181725
db:	JVNDB	id:	JVNDB-2020-013371
db:	CNNVD	id:	CNNVD-202011-260
db:	NVD	id:	CVE-2020-3600

LAST UPDATE DATE

2024-08-14T13:24:04.063000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181725	date:	2021-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-013371	date:	2021-06-28T08:08:00
db:	CNNVD	id:	CNNVD-202011-260	date:	2021-10-20T00:00:00
db:	NVD	id:	CVE-2020-3600	date:	2023-11-07T03:23:00.127

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181725	date:	2020-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-013371	date:	2021-06-28T00:00:00
db:	CNNVD	id:	CNNVD-202011-260	date:	2020-11-04T00:00:00
db:	NVD	id:	CVE-2020-3600	date:	2020-11-06T19:15:15.627