Vulnerabilities > CVE-2020-3335 - Incorrect Authorization vulnerability in Cisco products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

cisco

CWE-863

NVD

Published: 2020-06-03

Updated: 2021-08-06

Summary

A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this vulnerability by logging in to an affected device locally with valid credentials. A successful exploit could allow the attacker to read the sensitive information of other users on the affected device.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Application Services Engine - Cisco Application Policy Infrastructure Controller 1.1\(0C\)	2

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-APIC-KSV-3wzbHYT4