PT-2020-3500 · Cisco · Cisco Sd-Wan Vmanage

Published

2020-07-29

Updated

2020-08-06

CVE-2020-3374

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN vManage Software (affected versions not specified)

Description The issue is related to insufficient authorization checking in the web-based management interface of Cisco SD-WAN, allowing an authenticated, remote attacker to bypass authorization. This could enable the attacker to access sensitive information, modify the system configuration, or impact the availability of the affected system. The vulnerability can be exploited by sending crafted HTTP requests to the web-based management interface.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-285

Related Identifiers

BDU:2020-03829

CVE-2020-3374

Affected Products

Cisco Sd-Wan Vmanage

PT-2020-3500 · Cisco · Cisco Sd-Wan Vmanage

CVE-2020-3374

Weakness Enumeration

Related Identifiers

Affected Products

References · 4