// For flags

CVE-2020-3448

Cisco Cyber Vision Center Software Access Control Bypass Vulnerability

Severity Score

5.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device. The vulnerability is due to insufficient enforcement of access control in the software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow an attacker to impact monitoring of sensors that are managed by the software.

Una vulnerabilidad en un mecanismo de control de acceso del Cisco Cyber ??Vision Center Software podría permitir a un atacante remoto no autenticado impedir la autenticación y acceder a los servicios internos que son ejecutados sobre un dispositivo afectado. La vulnerabilidad es debido a una aplicación insuficiente del control de acceso en el software. Un atacante podría explotar esta vulnerabilidad mediante el acceso directo a los servicios internos de un dispositivo afectado. Una explotación con éxito podría permitir a un atacante afectar el monitoreo de los sensores que son administrados por el software.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2019-12-12 CVE Reserved
  • 2020-08-17 CVE Published
  • 2023-05-03 EPSS Updated
  • 2024-11-13 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-284: Improper Access Control
  • CWE-306: Missing Authentication for Critical Function
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Cyber Vision Center
Search vendor "Cisco" for product "Cyber Vision Center"
 < 3.0.4
Search vendor "Cisco" for product "Cyber Vision Center" and version " < 3.0.4"
-
Affected