Details of VAR-202008-0821

ID

VAR-202008-0821

CVE

CVE-2020-3484

TITLE

Cisco Vision Dynamic Signage Director Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010460

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected device. The vulnerability is due to incorrect permissions within Apache configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to view potentially sensitive information on the affected device

Trust: 1.71

sources: NVD: CVE-2020-3484 // JVNDB: JVNDB-2020-010460 // VULHUB: VHN-181609

AFFECTED PRODUCTS

vendor:	cisco	model:	vision dynamic signage director	scope:	eq	version:	6.2\(0\)	Trust: 1.0
vendor:	cisco	model:	vision dynamic signage director	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-010460 // NVD: CVE-2020-3484

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3484
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3484
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-010460
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202008-984
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-181609
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-3484
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-010460
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-181609
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3484
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	JVNDB-2020-010460
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181609 // JVNDB: JVNDB-2020-010460 // CNNVD: CNNVD-202008-984 // NVD: CVE-2020-3484 // NVD: CVE-2020-3484

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.9
problemtype:	CWE-16	Trust: 1.0

sources: VULHUB: VHN-181609 // JVNDB: JVNDB-2020-010460 // NVD: CVE-2020-3484

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-984

TYPE

configuration error

Trust: 0.6

sources: CNNVD: CNNVD-202008-984

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010460

PATCH

title:	cisco-sa-vdsd-W7mnkwj7	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vdsd-W7mnkwj7	Trust: 0.8
title:	Cisco Vision Dynamic Signage Director Web Management interface configuration error vulnerability repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126778	Trust: 0.6

sources: JVNDB: JVNDB-2020-010460 // CNNVD: CNNVD-202008-984

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3484	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-010460	Trust: 0.8
db:	CNNVD	id:	CNNVD-202008-984	Trust: 0.7
db:	NSFOCUS	id:	48720	Trust: 0.6
db:	CNVD	id:	CNVD-2020-50557	Trust: 0.1
db:	VULHUB	id:	VHN-181609	Trust: 0.1

sources: VULHUB: VHN-181609 // JVNDB: JVNDB-2020-010460 // CNNVD: CNNVD-202008-984 // NVD: CVE-2020-3484

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vdsd-w7mnkwj7	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3484	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3484	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/48720	Trust: 0.6

sources: VULHUB: VHN-181609 // JVNDB: JVNDB-2020-010460 // CNNVD: CNNVD-202008-984 // NVD: CVE-2020-3484

SOURCES

db:	VULHUB	id:	VHN-181609
db:	JVNDB	id:	JVNDB-2020-010460
db:	CNNVD	id:	CNNVD-202008-984
db:	NVD	id:	CVE-2020-3484

LAST UPDATE DATE

2024-11-23T23:04:16.689000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181609	date:	2020-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2020-010460	date:	2021-01-19T01:57:26
db:	CNNVD	id:	CNNVD-202008-984	date:	2020-09-14T00:00:00
db:	NVD	id:	CVE-2020-3484	date:	2024-11-21T05:31:09.877

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181609	date:	2020-08-26T00:00:00
db:	JVNDB	id:	JVNDB-2020-010460	date:	2021-01-19T01:57:26
db:	CNNVD	id:	CNNVD-202008-984	date:	2020-08-19T00:00:00
db:	NVD	id:	CVE-2020-3484	date:	2020-08-26T17:15:13.867