ID

VAR-202006-1139


CVE

CVE-2020-3337


TITLE

Open redirect vulnerability in Cisco Umbrella

Trust: 0.8

sources: JVNDB: JVNDB-2020-006933

DESCRIPTION

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website. An open redirect vulnerability exists in Cisco Umbrella. Information may be obtained and tampered with. Cisco Umbrella is a cloud security platform from Cisco. The platform protects against cyber threats such as phishing, malware, and ransomware.

Trust: 1.71

sources: NVD: CVE-2020-3337 // JVNDB: JVNDB-2020-006933 // VULHUB: VHN-181462

AFFECTED PRODUCTS

vendor: cisco, model: umbrella, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: umbrella virtual appliance, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006933 // NVD: CVE-2020-3337

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3337
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3337
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006933
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-1141
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181462
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3337
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006933
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181462
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3337
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3337
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006933
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181462 // JVNDB: JVNDB-2020-006933 // CNNVD: CNNVD-202006-1141 // NVD: CVE-2020-3337 // NVD: CVE-2020-3337

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.9

sources: VULHUB: VHN-181462 // JVNDB: JVNDB-2020-006933 // NVD: CVE-2020-3337

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1141

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-1141

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006933

PATCH

title: cisco-sa-umbrella-open-redire-UgK9dWK4, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-open-redire-UgK9dWK4

Trust: 0.8

title: Cisco Umbrella input validation error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121834

Trust: 0.6

sources: JVNDB: JVNDB-2020-006933 // CNNVD: CNNVD-202006-1141

EXTERNAL IDS

db: NVD, id: CVE-2020-3337

Trust: 2.5

db: JVNDB, id: JVNDB-2020-006933

Trust: 0.8

db: CNNVD, id: CNNVD-202006-1141

Trust: 0.7

db: AUSCERT, id: ESB-2020.2128

Trust: 0.6

db: CNVD, id: CNVD-2020-34294

Trust: 0.1

db: VULHUB, id: VHN-181462

Trust: 0.1

sources: VULHUB: VHN-181462 // JVNDB: JVNDB-2020-006933 // CNNVD: CNNVD-202006-1141 // NVD: CVE-2020-3337

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-umbrella-open-redire-ugk9dwk4

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3337

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3337

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2128/

Trust: 0.6

sources: VULHUB: VHN-181462 // JVNDB: JVNDB-2020-006933 // CNNVD: CNNVD-202006-1141 // NVD: CVE-2020-3337

CREDITS

Lukasz Korczyk of Epam Systems

Trust: 0.6

sources: CNNVD: CNNVD-202006-1141

SOURCES

db: VULHUB, id: VHN-181462
db: JVNDB, id: JVNDB-2020-006933
db: CNNVD, id: CNNVD-202006-1141
db: NVD, id: CVE-2020-3337

LAST UPDATE DATE

2024-11-23T22:16:27.114000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181462, date: 2020-06-24T00:00:00
db: JVNDB, id: JVNDB-2020-006933, date: 2020-07-22T00:00:00
db: CNNVD, id: CNNVD-202006-1141, date: 2020-06-30T00:00:00
db: NVD, id: CVE-2020-3337, date: 2024-11-21T05:30:49.767

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181462, date: 2020-06-18T00:00:00
db: JVNDB, id: JVNDB-2020-006933, date: 2020-07-22T00:00:00
db: CNNVD, id: CNNVD-202006-1141, date: 2020-06-17T00:00:00
db: NVD, id: CVE-2020-3337, date: 2020-06-18T03:15:13.747