CVE-2020-3115 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Sd-Wan Firmware	18.4.1
Cisco	Vedge-100	-
Cisco	Vedge-1000	-
Cisco	Vedge-100B	-
Cisco	Vedge-2000	-
Cisco	Vedge-5000	-
Cisco	Vedge 100M	-
Cisco	Vedge 100Wm	-

Related Weaknesses (CWE)

CWE-269 CWE-264

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2020-3115?

CVE-2020-3115 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system....

How severe is CVE-2020-3115?

CVE-2020-3115 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3115?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Sd-Wan Firmware, Cisco Vedge-100, Cisco Vedge-1000, Cisco Vedge-100B, Cisco Vedge-2000.