ID

VAR-202008-0822


CVE

CVE-2020-3485


TITLE

Cisco Vision Dynamic Signage Director Inappropriate Default Permission Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-010678

DESCRIPTION

A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because the web management software does not properly handle RBAC. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to view and delete certain screen content on the system that the attacker would not normally have privileges to access. Cisco Vision Dynamic Signage Director is vulnerable to incorrect default permissions. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Cisco Vision Dynamic Signage Director is an end-to-end dynamic signage and IPTV solution provided by Cisco.

Trust: 1.71

sources: NVD: CVE-2020-3485 // JVNDB: JVNDB-2020-010678 // VULHUB: VHN-181610

AFFECTED PRODUCTS

vendor: cisco, model: vision dynamic signage director, scope: eq, version: 6.2.0

Trust: 1.0

vendor: シスコシステムズ, model: cisco vision dynamic signage director, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-010678 // NVD: CVE-2020-3485

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3485
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3485
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3485
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-976
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181610
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3485
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-181610
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3485
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 2.0

NVD: CVE-2020-3485
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181610 // JVNDB: JVNDB-2020-010678 // CNNVD: CNNVD-202008-976 // NVD: CVE-2020-3485 // NVD: CVE-2020-3485

PROBLEMTYPE DATA

problemtype: CWE-276

Trust: 1.1

problemtype: CWE-264

Trust: 1.0

problemtype: Inappropriate default permissions (CWE-276) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-181610 // JVNDB: JVNDB-2020-010678 // NVD: CVE-2020-3485

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-976

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202008-976

PATCH

title: cisco-sa-cvdsd-rbac-y9LM5jw4
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvdsd-rbac-y9LM5jw4

Trust: 0.8

title: Cisco Vision Dynamic Signage Director Web Management software permissions and access control problems and vulnerabilities repair measures
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126772

Trust: 0.6

sources: JVNDB: JVNDB-2020-010678 // CNNVD: CNNVD-202008-976

EXTERNAL IDS

db: NVD, id: CVE-2020-3485

Trust: 2.5

db: JVNDB, id: JVNDB-2020-010678

Trust: 0.8

db: CNNVD, id: CNNVD-202008-976

Trust: 0.7

db: NSFOCUS, id: 48727

Trust: 0.6

db: CNVD, id: CNVD-2020-50562

Trust: 0.1

db: VULHUB, id: VHN-181610

Trust: 0.1

sources: VULHUB: VHN-181610 // JVNDB: JVNDB-2020-010678 // CNNVD: CNNVD-202008-976 // NVD: CVE-2020-3485

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cvdsd-rbac-y9lm5jw4

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2020-3485

Trust: 1.4

url: http://www.nsfocus.net/vulndb/48727

Trust: 0.6

sources: VULHUB: VHN-181610 // JVNDB: JVNDB-2020-010678 // CNNVD: CNNVD-202008-976 // NVD: CVE-2020-3485

SOURCES

db: VULHUB, id: VHN-181610
db: JVNDB, id: JVNDB-2020-010678
db: CNNVD, id: CNNVD-202008-976
db: NVD, id: CVE-2020-3485

LAST UPDATE DATE

2024-11-23T21:59:06.989000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181610, date: 2020-09-09T00:00:00
db: JVNDB, id: JVNDB-2020-010678, date: 2021-02-01T07:40:00
db: CNNVD, id: CNNVD-202008-976, date: 2020-09-14T00:00:00
db: NVD, id: CVE-2020-3485, date: 2024-11-21T05:31:09.987

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181610, date: 2020-08-26T00:00:00
db: JVNDB, id: JVNDB-2020-010678, date: 2021-02-01T00:00:00
db: CNNVD, id: CNNVD-202008-976, date: 2020-08-19T00:00:00
db: NVD, id: CVE-2020-3485, date: 2020-08-26T17:15:13.943