CVE-2020-3448 MEDIUM

CVE-2020-3448: Cisco Cyber Vision Center Software Access Control Bypass Vulnerability

Vendor Cisco

Product Cisco Cyber Vision

Weakness CWE-284

Published August 17, 2020

Last update November 13, 2024

View on NVD All CVEs

CVSS base score

5.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device. The vulnerability is due to insufficient enforcement of access control in the software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow an attacker to impact monitoring of sensors that are managed by the software.

Key dates

02Disclosure timeline

August 17, 2020 CVE published

November 13, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-3448 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

CVE-2020-3448: Cisco Cyber Vision Center Software Access Control Bypass Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE