CVE-2020-3485 — MEDIUM (6.3)

Vulnerability Description

A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because the web management software does not properly handle RBAC. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to view and delete certain screen content on the system that the attacker would not normally have privileges to access.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Cisco	Vision Dynamic Signage Director	6.2.0

Related Weaknesses (CWE)

CWE-264 CWE-276

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cVendor Advisory

FAQ

What is CVE-2020-3485?

CVE-2020-3485 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access re...

How severe is CVE-2020-3485?

CVE-2020-3485 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3485?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Vision Dynamic Signage Director.