Details of VAR-202005-0680

ID

VAR-202005-0680

CVE

CVE-2020-3178

TITLE

Cisco Content Security Management Appliance input validation error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-27771 // CNNVD: CNNVD-202005-201

DESCRIPTION

Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an HTTP request. An attacker could exploit these vulnerabilities by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page or to obtain sensitive browser-based information. This type of attack is commonly referred to as an open redirect attack and is used in phishing attacks to get users to unknowingly visit malicious sites. The device is mainly used to manage all strategies, reports, audit information, etc. of e-mail and Web security devices

Trust: 2.34

sources: NVD: CVE-2020-3178 // JVNDB: JVNDB-2020-005191 // CNVD: CNVD-2020-27771 // VULHUB: VHN-181303 // VULMON: CVE-2020-3178

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-27771

AFFECTED PRODUCTS

vendor:	cisco	model:	content security management appliance	scope:	lt	version:	13.6.0	Trust: 1.0
vendor:	cisco	model:	content security management appliance software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	content security management appliance	scope:	lt	version:	13.6	Trust: 0.6
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	8.3.6-039	Trust: 0.1
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	9.1.0-31	Trust: 0.1
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	9.1.0-103	Trust: 0.1
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	9.6.6-068	Trust: 0.1
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	9.7.0-006	Trust: 0.1
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	12.0	Trust: 0.1
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	12.0.1	Trust: 0.1
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	12.5.0	Trust: 0.1

sources: CNVD: CNVD-2020-27771 // VULMON: CVE-2020-3178 // JVNDB: JVNDB-2020-005191 // NVD: CVE-2020-3178

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3178
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3178
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-005191
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-27771
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202005-201
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-181303
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-3178
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-3178
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-005191
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-27771
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-181303
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3178
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3178
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-005191
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-27771 // VULHUB: VHN-181303 // VULMON: CVE-2020-3178 // JVNDB: JVNDB-2020-005191 // CNNVD: CNNVD-202005-201 // NVD: CVE-2020-3178 // NVD: CVE-2020-3178

PROBLEMTYPE DATA

problemtype:

CWE-601

Trust: 1.9

sources: VULHUB: VHN-181303 // JVNDB: JVNDB-2020-005191 // NVD: CVE-2020-3178

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-201

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202005-201

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005191

PATCH

title:	cisco-sa-sma-opn-rdrct-yPPMdsMQ	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-opn-rdrct-yPPMdsMQ	Trust: 0.8
title:	Patch for Cisco Content Security Management Appliance input validation error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/217139	Trust: 0.6
title:	Cisco Content Security Management Appliance Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117805	Trust: 0.6
title:	Cisco: Cisco Content Security Management Appliance Open Redirect Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sma-opn-rdrct-yPPMdsMQ	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2020/05/07/cisco_may_patches/	Trust: 0.1

sources: CNVD: CNVD-2020-27771 // VULMON: CVE-2020-3178 // JVNDB: JVNDB-2020-005191 // CNNVD: CNNVD-202005-201

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3178	Trust: 3.2
db:	JVNDB	id:	JVNDB-2020-005191	Trust: 0.8
db:	CNNVD	id:	CNNVD-202005-201	Trust: 0.7
db:	CNVD	id:	CNVD-2020-27771	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1616	Trust: 0.6
db:	VULHUB	id:	VHN-181303	Trust: 0.1
db:	VULMON	id:	CVE-2020-3178	Trust: 0.1

sources: CNVD: CNVD-2020-27771 // VULHUB: VHN-181303 // VULMON: CVE-2020-3178 // JVNDB: JVNDB-2020-005191 // CNNVD: CNNVD-202005-201 // NVD: CVE-2020-3178

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sma-opn-rdrct-yppmdsmq	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3178	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3178	Trust: 0.8
url:	https://vigilance.fr/vulnerability/cisco-content-security-management-appliance-open-redirect-32203	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1616/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/601.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/181522	Trust: 0.1

sources: CNVD: CNVD-2020-27771 // VULHUB: VHN-181303 // VULMON: CVE-2020-3178 // JVNDB: JVNDB-2020-005191 // CNNVD: CNNVD-202005-201 // NVD: CVE-2020-3178

SOURCES

db:	CNVD	id:	CNVD-2020-27771
db:	VULHUB	id:	VHN-181303
db:	VULMON	id:	CVE-2020-3178
db:	JVNDB	id:	JVNDB-2020-005191
db:	CNNVD	id:	CNNVD-202005-201
db:	NVD	id:	CVE-2020-3178

LAST UPDATE DATE

2024-11-23T22:25:27.360000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-27771	date:	2020-05-17T00:00:00
db:	VULHUB	id:	VHN-181303	date:	2020-05-12T00:00:00
db:	VULMON	id:	CVE-2020-3178	date:	2020-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-005191	date:	2020-06-09T00:00:00
db:	CNNVD	id:	CNNVD-202005-201	date:	2020-05-13T00:00:00
db:	NVD	id:	CVE-2020-3178	date:	2024-11-21T05:30:29.420

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-27771	date:	2020-05-12T00:00:00
db:	VULHUB	id:	VHN-181303	date:	2020-05-06T00:00:00
db:	VULMON	id:	CVE-2020-3178	date:	2020-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-005191	date:	2020-06-09T00:00:00
db:	CNNVD	id:	CNNVD-202005-201	date:	2020-05-06T00:00:00
db:	NVD	id:	CVE-2020-3178	date:	2020-05-06T17:15:11.853