CVE-2020-3362 MEDIUM

CVE-2020-3362: Cisco Network Services Orchestrator Information Disclosure Vulnerability

Vendor Cisco

Product Cisco Network Services Orchestrator

Weakness CWE-200 · Info exposure

Published June 18, 2020

Last update November 15, 2024

View on NVD All CVEs

CVSS base score

4.7/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only.

Key dates

02Disclosure timeline

June 18, 2020 CVE published

November 15, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-3362 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2020-3362: Cisco Network Services Orchestrator Information Disclosure Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE