Vulnerability Name: CVE-2020-3437 (CCN-185316)

Assigned: 2019-12-12

Published: 2020-07-15

Updated: 2022-01-01

Summary: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web-based management interface. A successful exploit could allow the attacker to read arbitrary files from the filesystem of the underlying operating system.

CVSS v3 Severity:
- 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
- 5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C)
- 5.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C)

CVSS v2 Severity:
- 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)

Vulnerability Type: CWE-59

Vulnerability Consequences: Obtain Information

References:
- Source: MITRE Type: CNA CVE-2020-3437
- Source: MISC Type: Exploit, Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/162958/Cisco-SD-WAN-vManage-19.2.2-Remote-Root.html
- Source: XF Type: UNKNOWN cisco-cve20203437-info-disc(185316)
- Source: CCN Type: Packet Storm Security [06-03-2021] Cisco SD-WAN vManage 19.2.2 Remote Root
- Source: CCN Type: Cisco Security Advisory cisco-sa-vmanwebid-5QWMcCvt Cisco SD-WAN vManage Software Information Disclosure Vulnerability
- Source: CISCO Type: Vendor Advisory 20200715 Cisco SD-WAN vManage Software Information Disclosure Vulnerability

Vulnerable Configuration: Configuration 1: