CVE-2020-3379

CVE Database · CVE-2020-3379

CVE-2020-3379

· HIGHModified

CVSS v3.1

7.8

EPSS

0.34%

Published

Jul 16, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain administrative privileges.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-264CWE-20

Affected Products (10)

cisco · sd-wan_firmware (up to 18.3.0)vulnerable

cisco · vedge_100

cisco · vedge_1000

cisco · vedge_100b

cisco · vedge_100m

cisco · vedge_100wm

cisco · vedge_2000

cisco · vedge_5000

cisco · vbond_orchestratorvulnerable

cisco · vsmart_controllervulnerable

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmpresc-SyzcS4kC

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmpresc-SyzcS4kC

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs