PT-2020-5119 · Cisco · Cisco Vision Dynamic Signage Director

Published

2020-10-07

Updated

2020-10-20

CVE-2020-3598

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Cisco Vision Dynamic Signage Director (affected versions not specified)

Description A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The issue is due to missing authentication for a specific section of the interface. An attacker could exploit this by accessing a crafted URL, potentially obtaining access to a section of the interface to read confidential information or make configuration changes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

BDU:2020-05715

CVE-2020-3598

Affected Products

Cisco Vision Dynamic Signage Director

PT-2020-5119 · Cisco · Cisco Vision Dynamic Signage Director

CVE-2020-3598

Weakness Enumeration

Related Identifiers

Affected Products

References · 4