Lucene search

[email protected]NVD:CVE-2020-3297

HistoryJul 02, 2020 - 5:15 a.m.

CVE-2020-3297

2020-07-0205:15:11

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

79.1%

JSON

A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface. The attacker could obtain the privileges of the highjacked session account, which could include administrator privileges on the device. The vulnerability is due to the use of weak entropy generation for session identifier values. An attacker could exploit this vulnerability to determine a current session identifier through brute force and reuse that session identifier to take over an ongoing session. In this way, an attacker could take actions within the management interface with privileges up to the level of the administrative user.

Affected configurations

Nvd

Node

ciscosg250x-24_firmwareRange<2.5.5.47

AND

ciscosg250x-24Match-

Node

ciscosg250x-24p_firmwareRange<2.5.5.47

AND

ciscosg250x-24pMatch-

Node

ciscosg250x-48_firmwareRange<2.5.5.47

AND

ciscosg250x-48Match-

Node

ciscosg250x-48p_firmwareRange<2.5.5.47

AND

ciscosg250x-48pMatch-

Node

ciscosg250-08_firmwareRange<2.5.5.47

AND

ciscosg250-08Match-

Node

ciscosg250-08hp_firmwareRange<2.5.5.47

AND

ciscosg250-08hpMatch-

Node

ciscosg250-10p_firmwareRange<2.5.5.47

AND

ciscosg250-10pMatch-

Node

ciscosg250-18_firmwareRange<2.5.5.47

AND

ciscosg250-18Match-

Node

ciscosg250-26_firmwareRange<2.5.5.47

AND

ciscosg250-26Match-

Node

ciscosg250-26hp_firmwareRange<2.5.5.47

AND

ciscosg250-26hpMatch-

Node

ciscosg250-26p_firmwareRange<2.5.5.47

AND

ciscosg250-26pMatch-

Node

ciscosg250-50_firmwareRange<2.5.5.47

AND

ciscosg250-50Match-

Node

ciscosg250-50hp_firmwareRange<2.5.5.47

AND

ciscosg250-50hpMatch-

Node

ciscosg250-50p_firmwareRange<2.5.5.47

AND

ciscosg250-50pMatch-

Node

ciscosf250-24_firmwareRange<2.5.5.47

AND

ciscosf250-24Match-

Node

ciscosf250-24p_firmwareRange<2.5.5.47

AND

ciscosf250-24pMatch-

Node

ciscosf250-48_firmwareRange<2.5.5.47

AND

ciscosf250-48Match-

Node

ciscosf250-48hp_firmwareRange<2.5.5.47

AND

ciscosf250-48hpMatch-

Node

ciscosg350-10_firmwareRange<2.5.5.47

AND

ciscosg350-10Match-

Node

ciscosg350-10p_firmwareRange<2.5.5.47

AND

ciscosg350-10pMatch-

Node

ciscosg350-10mp_firmwareRange<2.5.5.47

AND

ciscosg350-10mpMatch-

Node

ciscosg355-10p_firmwareRange<2.5.5.47

AND

ciscosg355-10pMatch-

Node

ciscosg350-28_firmwareRange<2.5.5.47

AND

ciscosg350-28Match-

Node

ciscosg350-28p_firmwareRange<2.5.5.47

AND

ciscosg350-28pMatch-

Node

ciscosg350-28mp_firmwareRange<2.5.5.47

AND

ciscosg350-28mpMatch-

Node

ciscosf350-48_firmwareRange<2.5.5.47

AND

ciscosf350-48Match-

Node

ciscosf350-48p_firmwareRange<2.5.5.47

AND

ciscosf350-48pMatch-

Node

ciscosf350-48mp_firmwareRange<2.5.5.47

AND

ciscosf350-48mpMatch-

Node

ciscosg350xg-2f10_firmwareRange<2.5.5.47

AND

ciscosg350xg-2f10Match-

Node

ciscosg350xg-24f_firmwareRange<2.5.5.47

AND

ciscosg350xg-24fMatch-

Node

ciscosg350xg-24t_firmwareRange<2.5.5.47

AND

ciscosg350xg-24tMatch-

Node

ciscosg350xg-48t_firmwareRange<2.5.5.47

AND

ciscosg350xg-48tMatch-

Node

ciscosg350x-24_firmwareRange<2.5.5.47

AND

ciscosg350x-24Match-

Node

ciscosg350x-24p_firmwareRange<2.5.5.47

AND

ciscosg350x-24pMatch-

Node

ciscosg350x-24mp_firmwareRange<2.5.5.47

AND

ciscosg350x-24mpMatch-

Node

ciscosg350x-48_firmwareRange<2.5.5.47

AND

ciscosg350x-48Match-

Node

ciscosg350x-48p_firmwareRange<2.5.5.47

AND

ciscosg350x-48pMatch-

Node

ciscosg350x-48mp_firmwareRange<2.5.5.47

AND

ciscosg350x-48mpMatch-

Node

ciscosx550x-16ft_firmwareRange<2.5.5.47

AND

ciscosx550x-16ftMatch-

Node

ciscosx550x-24ft_firmwareRange<2.5.5.47

AND

ciscosx550x-24ftMatch-

Node

ciscosx550x-12f_firmwareRange<2.5.5.47

AND

ciscosx550x-12fMatch-

Node

ciscosx550x-24f_firmwareRange<2.5.5.47

AND

ciscosx550x-24fMatch-

Node

ciscosx550x-24_firmwareRange<2.5.5.47

AND

ciscosx550x-24Match-

Node

ciscosx550x-52_firmwareRange<2.5.5.47

AND

ciscosx550x-52Match-

Node

ciscosg550x-24_firmwareRange<2.5.5.47

AND

ciscosg550x-24Match-

Node

ciscosg550x-24p_firmwareRange<2.5.5.47

AND

ciscosg550x-24pMatch-

Node

ciscosg550x-24mp_firmwareRange<2.5.5.47

AND

ciscosg550x-24mpMatch-

Node

ciscosg550x-24mpp_firmwareRange<2.5.5.47

AND

ciscosg550x-24mppMatch-

Node

ciscosg550x-48_firmwareRange<2.5.5.47

AND

ciscosg550x-48Match-

Node

ciscosg550x-48p_firmwareRange<2.5.5.47

AND

ciscosg550x-48pMatch-

Node

ciscosg550x-48mp_firmwareRange<2.5.5.47

AND

ciscosg550x-48mpMatch-

Node

ciscosf550x-24_firmwareRange<2.5.5.47

AND

ciscosf550x-24Match-

Node

ciscosf550x-24p_firmwareRange<2.5.5.47

AND

ciscosf550x-24pMatch-

Node

ciscosf550x-24mp_firmwareRange<2.5.5.47

AND

ciscosf550x-24mpMatch-

Node

ciscosf550x-48_firmwareRange<2.5.5.47

AND

ciscosf550x-48Match-

Node

ciscosf550x-48p_firmwareRange<2.5.5.47

AND

ciscosf550x-48pMatch-

Node

ciscosf550x-48mp_firmwareRange<2.5.5.47

AND

ciscosf550x-48mpMatch-

Node

ciscosf200-24_firmwareMatch-

AND

ciscosf200-24Match-

Node

ciscosf200-24fp_firmwareMatch-

AND

ciscosf200-24fpMatch-

Node

ciscosf200-24p_firmwareMatch-

AND

ciscosf200-24pMatch-

Node

ciscosf200-48_firmwareMatch-

AND

ciscosf200-48Match-

Node

ciscosf200-48p_firmwareMatch-

AND

ciscosf200-48pMatch-

Node

ciscosf200e-24_firmwareMatch-

AND

ciscosf200e-24Match-

Node

ciscosf200e-24p_firmwareMatch-

AND

ciscosf200e-24pMatch-

Node

ciscosf200e-48_firmwareMatch-

AND

ciscosf200e-48Match-

Node

ciscosf200e-48p_firmwareMatch-

AND

ciscosf200e-48pMatch-

Node

ciscosg200-08_firmwareMatch-

AND

ciscosg200-08Match-

Node

ciscosg200-08p_firmwareMatch-

AND

ciscosg200-08pMatch-

Node

ciscosg200-10fp_firmwareMatch-

AND

ciscosg200-10fpMatch-

Node

ciscosg200-18_firmwareMatch-

AND

ciscosg200-18Match-

Node

ciscosg200-26_firmwareMatch-

AND

ciscosg200-26Match-

Node

ciscosg200-26fp_firmwareMatch-

AND

ciscosg200-26fpMatch-

Node

ciscosg200-26p_firmwareMatch-

AND

ciscosg200-26pMatch-

Node

ciscosg200-50_firmwareMatch-

AND

ciscosg200-50Match-

Node

ciscosg200-50fp_firmwareMatch-

AND

ciscosg200-50fpMatch-

Node

ciscosg200-50p_firmwareMatch-

AND

ciscosg200-50pMatch-

Node

ciscosf302-08pp_firmwareMatch-

AND

ciscosf302-08ppMatch-

Node

ciscosf302-08mpp_firmwareMatch-

AND

ciscosf302-08mppMatch-

Node

ciscosg300-10pp_firmwareMatch-

AND

ciscosg300-10ppMatch-

Node

ciscosg300-10mpp_firmwareMatch-

AND

ciscosg300-10mppMatch-

Node

ciscosf300-24pp_firmwareMatch-

AND

ciscosf300-24ppMatch-

Node

ciscosf300-48pp_firmwareMatch-

AND

ciscosf300-48ppMatch-

Node

ciscosg300-28pp_firmwareMatch-

AND

ciscosg300-28ppMatch-

Node

ciscosf300-08_firmwareMatch-

AND

ciscosf300-08Match-

Node

ciscosf300-48p_firmwareMatch-

AND

ciscosf300-48pMatch-

Node

ciscosg300-10mp_firmwareMatch-

AND

ciscosg300-10mpMatch-

Node

ciscosg300-10p_firmwareMatch-

AND

ciscosg300-10pMatch-

Node

ciscosg300-10_firmwareMatch-

AND

ciscosg300-10Match-

Node

ciscosg300-28p_firmwareMatch-

AND

ciscosg300-28pMatch-

Node

ciscosf300-24p_firmwareMatch-

AND

ciscosf300-24pMatch-

Node

ciscosf302-08mp_firmwareMatch-

AND

ciscosf302-08mpMatch-

Node

ciscosg300-28_firmwareMatch-

AND

ciscosg300-28Match-

Node

ciscosf300-48_firmwareMatch-

AND

ciscosf300-48Match-

Node

ciscosg300-20_firmwareMatch-

AND

ciscosg300-20Match-

Node

ciscosf302-08p_firmwareMatch-

AND

ciscosf302-08pMatch-

Node

ciscosg300-52_firmwareMatch-

AND

ciscosg300-52Match-

Node

ciscosf300-24_firmwareMatch-

AND

ciscosf300-24Match-

Node

ciscosf302-08_firmwareMatch-

AND

ciscosf302-08Match-

Node

ciscosf300-24mp_firmwareMatch-

AND

ciscosf300-24mpMatch-

Node

ciscosg300-10sfp_firmwareMatch-

AND

ciscosg300-10sfpMatch-

Node

ciscosg300-28mp_firmwareMatch-

AND

ciscosg300-28mpMatch-

Node

ciscosg300-52p_firmwareMatch-

AND

ciscosg300-52pMatch-

Node

ciscosg300-52mp_firmwareMatch-

AND

ciscosg300-52mpMatch-

Node

ciscosg500-28mpp_firmwareMatch-

AND

ciscosg500-28mppMatch-

Node

ciscosg500-52mp_firmwareMatch-

AND

ciscosg500-52mpMatch-

Node

ciscosg500xg-8f8t_firmwareMatch-

AND

ciscosg500xg-8f8tMatch-

Node

ciscosf500-24_firmwareMatch-

AND

ciscosf500-24Match-

Node

ciscosf500-24p_firmwareMatch-

AND

ciscosf500-24pMatch-

Node

ciscosf500-48_firmwareMatch-

AND

ciscosf500-48Match-

Node

ciscosf500-48p_firmwareMatch-

AND

ciscosf500-48pMatch-

Node

ciscosg500-28_firmwareMatch-

AND

ciscosg500-28Match-

Node

ciscosg500-28p_firmwareMatch-

AND

ciscosg500-28pMatch-

Node

ciscosg500-52_firmwareMatch-

AND

ciscosg500-52Match-

Node

ciscosg500-52p_firmwareMatch-

AND

ciscosg500-52pMatch-

Node

ciscosg500x-24_firmwareMatch-

AND

ciscosg500x-24Match-

Node

ciscosg500x-24p_firmwareMatch-

AND

ciscosg500x-24pMatch-

Node

ciscosg500x-48_firmwareMatch-

AND

ciscosg500x-48Match-

Node

ciscosg500x-48p_firmwareMatch-

AND

ciscosg500x-48pMatch-

VendorProductVersionCPE
ciscosg250x-24_firmware*cpe:2.3:o:cisco:sg250x-24_firmware:*:*:*:*:*:*:*:*
ciscosg250x-24-cpe:2.3:h:cisco:sg250x-24:-:*:*:*:*:*:*:*
ciscosg250x-24p_firmware*cpe:2.3:o:cisco:sg250x-24p_firmware:*:*:*:*:*:*:*:*
ciscosg250x-24p-cpe:2.3:h:cisco:sg250x-24p:-:*:*:*:*:*:*:*
ciscosg250x-48_firmware*cpe:2.3:o:cisco:sg250x-48_firmware:*:*:*:*:*:*:*:*
ciscosg250x-48-cpe:2.3:h:cisco:sg250x-48:-:*:*:*:*:*:*:*
ciscosg250x-48p_firmware*cpe:2.3:o:cisco:sg250x-48p_firmware:*:*:*:*:*:*:*:*
ciscosg250x-48p-cpe:2.3:h:cisco:sg250x-48p:-:*:*:*:*:*:*:*
ciscosg250-08_firmware*cpe:2.3:o:cisco:sg250-08_firmware:*:*:*:*:*:*:*:*
ciscosg250-08-cpe:2.3:h:cisco:sg250-08:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	sg250x-24_firmware	*	cpe:2.3:o:cisco:sg250x-24_firmware::::::::
cisco	sg250x-24	-	cpe:2.3:h:cisco:sg250x-24:-:::::::*
cisco	sg250x-24p_firmware	*	cpe:2.3:o:cisco:sg250x-24p_firmware::::::::
cisco	sg250x-24p	-	cpe:2.3:h:cisco:sg250x-24p:-:::::::*
cisco	sg250x-48_firmware	*	cpe:2.3:o:cisco:sg250x-48_firmware::::::::
cisco	sg250x-48	-	cpe:2.3:h:cisco:sg250x-48:-:::::::*
cisco	sg250x-48p_firmware	*	cpe:2.3:o:cisco:sg250x-48p_firmware::::::::
cisco	sg250x-48p	-	cpe:2.3:h:cisco:sg250x-48p:-:::::::*
cisco	sg250-08_firmware	*	cpe:2.3:o:cisco:sg250-08_firmware::::::::
cisco	sg250-08	-	cpe:2.3:h:cisco:sg250-08:-:::::::*

Rows per page:

1-10 of 2361

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbswitch-session-JZAS5jnY

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

79.1%

JSON

Related for NVD:CVE-2020-3297

cvelist1 prion1 cve1 cisco1 threatpost1