CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2020-3152 – Cisco Connected Mobile Experiences Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3152
A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, an attacker would need to have valid administrative credentials. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-prvesc-6g37hjAL • CWE-275: Permission Issues CWE-276: Incorrect Default Permissions •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1645 – Cisco Connected Mobile Experiences Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1645
A vulnerability in the Cisco Connected Mobile Experiences (CMX) software could allow an unauthenticated, adjacent attacker to access sensitive data on an affected device. The vulnerability is due to a lack of input and validation checking mechanisms for certain GET requests to API's on an affected device. An attacker could exploit this vulnerability by sending HTTP GET requests to an affected device. An exploit could allow the attacker to use this information to conduct additional reconnaissance attacks. Una vulnerabilidad en el software de Cisco Connected Mobile Experiences (CMX) podría permitir que un atacante adyacente remoto no autenticado acceda a datos sensibles de la aplicación. • http://www.securityfocus.com/bid/106701 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-cmx-info-discl • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •