CVE-2020-3193 MEDIUM

CVE-2020-3193: Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability

Vendor Cisco

Product Cisco Prime Collaboration Provisioning

Weakness CWE-200 · Info exposure

Published March 4, 2020

Last update November 15, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to obtain sensitive information about an affected device. The vulnerability exists because replies from the web-based management interface include unnecessary server information. An attacker could exploit this vulnerability by inspecting replies received from the web-based management interface. A successful exploit could allow the attacker to obtain details about the operating system, including the web server version that is running on the device, which could be used to perform further attacks.

Key dates

02Disclosure timeline

March 4, 2020 CVE published

November 15, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-3193 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

Identifiers

CVE CVE-2020-3193

CWE CWE-200

CVSS 5.3 / MEDIUM

Affected versions