CVE-2020-3333
Cisco Application Services Engine Software Unauthenticated Event Policies Update Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could exploit this vulnerability by crafting a malicious HTTP request to contact an affected device. A successful exploit could allow the attacker to update event policies on the affected device.
SSVC
- Decision: Attend
Timeline
- 2019-12-12 CVE Reserved
- 2020-06-03 CVE Published
- 2023-06-07 EPSS Updated
- 2024-11-15 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-306: Missing Authentication for Critical Function
References (1)
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-APIC-EPU-F8y5kUOP | 2020-06-11 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Cisco | Application Policy Infrastructure Controller | 1.1(0c) | - | Affected |
Cisco | Application Services Engine | < 1.1.2.20 | - | Affected |