CVE-2020-3450

Name of the Vulnerable Software and Affected Versions Cisco Vision Dynamic Signage Director (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks. The issue is due to improper validation of user-submitted parameters, specifically in the SQL query structure. An attacker could exploit this by authenticating to the interface and sending malicious requests, potentially obtaining data stored in the underlying database, including hashed user credentials. The attacker would need valid administrative credentials to exploit this issue.

Recommendations To resolve the issue, update the system to a version that includes proper validation of user-submitted parameters. At the moment, there is no information about a newer version that contains a fix for this vulnerability.