CVE-2020-3485 MEDIUM

CVE-2020-3485: Cisco Vision Dynamic Signage Director Role-Based Access Control Vulnerability

Vendor Cisco

Product Cisco Vision Dynamic Signage Director

Weakness CWE-264

Published August 26, 2020

Last update November 13, 2024

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because the web management software does not properly handle RBAC. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to view and delete certain screen content on the system that the attacker would not normally have privileges to access.

Key dates

02Disclosure timeline

August 26, 2020 CVE published

November 13, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-3485 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/264.html

Related vulnerabilities

Identifiers

CVE CVE-2020-3485

CWE CWE-264

CVSS 6.3 / MEDIUM

Affected versions