Vulnerability Description
A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain administrative privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Sd-Wan Firmware | < 18.3.0 |
| Cisco | Vedge 100 | - |
| Cisco | Vedge 1000 | - |
| Cisco | Vedge 100B | - |
| Cisco | Vedge 100M | - |
| Cisco | Vedge 100Wm | - |
| Cisco | Vedge 2000 | - |
| Cisco | Vedge 5000 | - |
| Cisco | Vbond Orchestrator | - |
| Cisco | Vsmart Controller | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vVendor Advisory
FAQ
What is CVE-2020-3379?
CVE-2020-3379 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to in...
How severe is CVE-2020-3379?
CVE-2020-3379 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-3379?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Sd-Wan Firmware, Cisco Vedge 100, Cisco Vedge 1000, Cisco Vedge 100B, Cisco Vedge 100M.