CVE-2020-3115
Severity CVSS v4.0:
Pending analysis
Type:
CWE-269
Improper Privilege Management
Publication date:
26/01/2020
Last modified:
31/01/2020
Description
A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:sd-wan_firmware:18.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:sd-wan_firmware:19.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:vedge-100:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:vedge-1000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:vedge-100b:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:vedge-2000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:vedge-5000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page