ID

VAR-202008-0823


CVE

CVE-2020-3490


TITLE

Path Traversal Vulnerability in Cisco Vision Dynamic Signage Director

Trust: 0.8

sources: JVNDB: JVNDB-2020-010531

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to read files on the underlying operating system with root privileges. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected system. Cisco Vision Dynamic Signage Director contains a path traversal vulnerability. Information may be obtained.

Trust: 1.71

sources: NVD: CVE-2020-3490 // JVNDB: JVNDB-2020-010531 // VULHUB: VHN-181615

AFFECTED PRODUCTS

vendor: cisco, model: vision dynamic signage director, scope: eq, version: 6.2.0

Trust: 1.0

vendor: cisco, model: vision dynamic signage director, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-010531 // NVD: CVE-2020-3490

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3490
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3490
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-010531
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-961
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181615
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3490
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-010531
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181615
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3490
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-010531
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181615 // JVNDB: JVNDB-2020-010531 // CNNVD: CNNVD-202008-961 // NVD: CVE-2020-3490 // NVD: CVE-2020-3490

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-181615 // JVNDB: JVNDB-2020-010531 // NVD: CVE-2020-3490

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-961

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202008-961

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010531

PATCH

title: cisco-sa-cvdsd-pathtrv-5tLJRrFn, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvdsd-pathtrv-5tLJRrFn

Trust: 0.8

title: Cisco Vision Dynamic Signage Director Web Repair measures for the path traversal vulnerability of the management interface, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126757

Trust: 0.6

sources: JVNDB: JVNDB-2020-010531 // CNNVD: CNNVD-202008-961

EXTERNAL IDS

db: NVD, id: CVE-2020-3490

Trust: 2.5

db: JVNDB, id: JVNDB-2020-010531

Trust: 0.8

db: CNNVD, id: CNNVD-202008-961

Trust: 0.7

db: NSFOCUS, id: 48734

Trust: 0.6

db: AUSCERT, id: ESB-2020.2857

Trust: 0.6

db: VULHUB, id: VHN-181615

Trust: 0.1

sources: VULHUB: VHN-181615 // JVNDB: JVNDB-2020-010531 // CNNVD: CNNVD-202008-961 // NVD: CVE-2020-3490

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cvdsd-pathtrv-5tljrrfn

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2020-3490

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3490

Trust: 0.8

url: http://www.nsfocus.net/vulndb/48734

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.2857/

Trust: 0.6

sources: VULHUB: VHN-181615 // JVNDB: JVNDB-2020-010531 // CNNVD: CNNVD-202008-961 // NVD: CVE-2020-3490

SOURCES

db: VULHUB, id: VHN-181615
db: JVNDB, id: JVNDB-2020-010531
db: CNNVD, id: CNNVD-202008-961
db: NVD, id: CVE-2020-3490

LAST UPDATE DATE

2024-11-23T22:44:27.490000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181615, date: 2020-09-04T00:00:00
db: JVNDB, id: JVNDB-2020-010531, date: 2021-01-26T09:04:50
db: CNNVD, id: CNNVD-202008-961, date: 2020-09-14T00:00:00
db: NVD, id: CVE-2020-3490, date: 2024-11-21T05:31:10.593

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181615, date: 2020-08-26T00:00:00
db: JVNDB, id: JVNDB-2020-010531, date: 2021-01-26T09:04:50
db: CNNVD, id: CNNVD-202008-961, date: 2020-08-19T00:00:00
db: NVD, id: CVE-2020-3490, date: 2020-08-26T17:15:14.037