PT-2020-3111 · Cisco · Cisco Prime License Manager

Published

2020-07-15

Updated

2020-07-23

CVE-2020-3140

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Prime License Manager (PLM) Software (affected versions not specified)

Description A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The issue is due to insufficient validation of user input on the web management interface. An attacker could exploit this by submitting a malicious request to an affected system, potentially gaining administrative-level privileges. The attacker needs a valid username to exploit this vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-255

Related Identifiers

BDU:2020-03403

CVE-2020-3140

Affected Products

Cisco Prime License Manager

PT-2020-3111 · Cisco · Cisco Prime License Manager

CVE-2020-3140

Weakness Enumeration

Related Identifiers

Affected Products

References · 4