PT-2020-4614 · Cisco · Cisco Sd-Wan Vmanage

Published

2020-11-04

Updated

2023-10-16

CVE-2020-3592

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN vManage Software (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The issue is due to insufficient authorization checking. An attacker could exploit this by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level, potentially modifying the configuration of an affected system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-284

Related Identifiers

BDU:2020-05163

CVE-2020-3592

Affected Products

Cisco Sd-Wan Vmanage

PT-2020-4614 · Cisco · Cisco Sd-Wan Vmanage

CVE-2020-3592

Weakness Enumeration

Related Identifiers

Affected Products

References · 6