Lucene search

[email protected]CVE-2020-3193

HistoryMar 04, 2020 - 7:15 p.m.

CVE-2020-3193

2020-03-0419:15:13

CWE-200

[email protected]

web.nvd.nist.gov

cve-2020-3193

cisco

prime collaboration provisioning

vulnerability

web-based management interface

unauthorized access

sensitive information

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.3%

JSON

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to obtain sensitive information about an affected device. The vulnerability exists because replies from the web-based management interface include unnecessary server information. An attacker could exploit this vulnerability by inspecting replies received from the web-based management interface. A successful exploit could allow the attacker to obtain details about the operating system, including the web server version that is running on the device, which could be used to perform further attacks.

Affected configurations

NVD

Node

ciscoprime_collaboration_provisioningRange<12.6

ciscoprime_collaboration_provisioningMatch12.6-

ciscoprime_collaboration_provisioningMatch12.6service_update1

CPENameOperatorVersion
cisco:prime_collaboration_provisioningcisco prime collaboration provisioninglt12.6

CPE	Name	Operator	Version
cisco:prime_collaboration_provisioning	cisco prime collaboration provisioning	lt	12.6

CNA Affected

[
  {
    "product": "Cisco Prime Collaboration Provisioning ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prim-collab-disclo-FAnX4DKB

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.3%

JSON

Related for CVE-2020-3193

prion1 nvd1 nessus1 cisco1 cvelist1