Lucene search

[email protected]CVE-2020-3446

HistoryAug 26, 2020 - 5:15 p.m.

CVE-2020-3446

2020-08-2617:15:00

CWE-798

[email protected]

web.nvd.nist.gov

cve-2020-3446

cisco

vwaas

nfvis

static password

vulnerability

security

cisco encs

csp 5000-w

remote attack

cli

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.9%

JSON

A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. The vulnerability exists because the affected software has user accounts with default, static passwords. An attacker with access to the NFVIS CLI of an affected device could exploit this vulnerability by logging into the CLI. A successful exploit could allow the attacker to access the NFVIS CLI with administrator privileges.

CPENameOperatorVersion
cisco:encs_5406-w_firmwarecisco encs 5406-w firmwareeq6.4\(1\)
cisco:encs_5406-w_firmwarecisco encs 5406-w firmwareeq6.4\(3d\)
cisco:encs_5408-w_firmwarecisco encs 5408-w firmwareeq6.4\(1\)
cisco:encs_5408-w_firmwarecisco encs 5408-w firmwareeq6.4\(3d\)
cisco:encs_5412-w_firmwarecisco encs 5412-w firmwareeq6.4\(1\)
cisco:encs_5412-w_firmwarecisco encs 5412-w firmwareeq6.4\(3d\)
cisco:csp_5228-w_firmwarecisco csp 5228-w firmwareeq6.4\(1\)
cisco:csp_5228-w_firmwarecisco csp 5228-w firmwareeq6.4\(3d\)
cisco:csp_5436-w_firmwarecisco csp 5436-w firmwareeq6.4\(1\)
cisco:csp_5436-w_firmwarecisco csp 5436-w firmwareeq6.4\(3d\)

CPE	Name	Operator	Version
cisco:encs_5406-w_firmware	cisco encs 5406-w firmware	eq	6.4\(1\)
cisco:encs_5406-w_firmware	cisco encs 5406-w firmware	eq	6.4\(3d\)
cisco:encs_5408-w_firmware	cisco encs 5408-w firmware	eq	6.4\(1\)
cisco:encs_5408-w_firmware	cisco encs 5408-w firmware	eq	6.4\(3d\)
cisco:encs_5412-w_firmware	cisco encs 5412-w firmware	eq	6.4\(1\)
cisco:encs_5412-w_firmware	cisco encs 5412-w firmware	eq	6.4\(3d\)
cisco:csp_5228-w_firmware	cisco csp 5228-w firmware	eq	6.4\(1\)
cisco:csp_5228-w_firmware	cisco csp 5228-w firmware	eq	6.4\(3d\)
cisco:csp_5436-w_firmware	cisco csp 5436-w firmware	eq	6.4\(1\)
cisco:csp_5436-w_firmware	cisco csp 5436-w firmware	eq	6.4\(3d\)

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-encsw-cspw-cred-hZzL29A7

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.9%

JSON

Related for CVE-2020-3446

cisco1 prion1 threatpost1