CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
45.4%
A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | sd-wan | * | cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:* |
cisco | sd-wan | 20.3.4.1 | cpe:2.3:a:cisco:sd-wan:20.3.4.1:*:*:*:*:*:*:* |
cisco | sd-wan | 20.3.4.2 | cpe:2.3:a:cisco:sd-wan:20.3.4.2:*:*:*:*:*:*:* |
cisco | sd-wan | 20.3.5 | cpe:2.3:a:cisco:sd-wan:20.3.5:*:*:*:*:*:*:* |
cisco | sd-wan | 20.7.1 | cpe:2.3:a:cisco:sd-wan:20.7.1:*:*:*:*:*:*:* |
[
{
"product": "Cisco SD-WAN vManage",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
]
More