CVE-2020-3378 MEDIUM

CVE-2020-3378: Cisco SD-WAN vManage Software SQL Injection Vulnerability

Vendor Cisco
Product Cisco SD-WAN vManage
Weakness CWE-89 · SQLi
Published July 16, 2020
Last update November 15, 2024
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.

Key dates

02Disclosure timeline

July 16, 2020 CVE published
November 15, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-1037 SourceCodester Dental Clinic Appointment Reservation System POST Parameter login.php sql injection CVE-2019-25391 Ashop Shopping Cart Software Lastest Latest SQL Injection via bannedcustomers.php CVE-2025-6583 SourceCodester Best Salon Management System view-appointment.php sql injection CVE-2021-1380 Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities CVE-2026-2225 itsourcecode News Portal Project Administrator Login index.php sql injection