Vulnerabilities > CVE-2020-3592 - Incorrect Authorization vulnerability in Cisco Catalyst Sd-Wan Manager and Sd-Wan Vmanage

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

cisco

CWE-863

NVD

Published: 2020-11-06

Updated: 2023-11-07

Summary

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. This could allow the attacker to modify the configuration of an affected system.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco SD WAN Vmanage - Cisco SD WAN Vmanage 17.2.4 Cisco SD WAN Vmanage 17.2.5 Cisco SD WAN Vmanage 17.2.6 Cisco SD WAN Vmanage 17.2.7 Cisco SD WAN Vmanage 17.2.8 Cisco SD WAN Vmanage 17.2.9 Cisco SD WAN Vmanage 17.2.10 Cisco SD WAN Vmanage 18.2.0 Cisco SD WAN Vmanage 18.3.0 Cisco SD WAN Vmanage 18.3.1 Cisco SD WAN Vmanage 18.3.1.1 Cisco SD WAN Vmanage 18.3.3 Cisco SD WAN Vmanage 18.3.3.1 Cisco SD WAN Vmanage 18.3.4 Cisco SD WAN Vmanage 18.3.5 Cisco SD WAN Vmanage 18.3.6.1 Cisco SD WAN Vmanage 18.3.7 Cisco SD WAN Vmanage 18.3.8 Cisco SD WAN Vmanage 18.4.0 Cisco SD WAN Vmanage 18.4.0.1 Cisco SD WAN Vmanage 18.4.1 Cisco SD WAN Vmanage 18.4.3 Cisco SD WAN Vmanage 18.4.4 Cisco SD WAN Vmanage 18.4.5 Cisco SD WAN Vmanage 18.4.302 Cisco SD WAN Vmanage 18.4.303 Cisco SD WAN Vmanage 19.1.0 Cisco SD WAN Vmanage 19.2.0 Cisco SD WAN Vmanage 19.2.1 Cisco SD WAN Vmanage 19.2.2 Cisco SD WAN Vmanage 19.2.3 Cisco SD WAN Vmanage 19.2.31 Cisco SD WAN Vmanage 19.2.097 Cisco SD WAN Vmanage 19.2.099 Cisco SD WAN Vmanage 19.2.929 Cisco SD WAN Vmanage 19.3.0 Cisco SD WAN Vmanage 20.1.1 Cisco SD WAN Vmanage 20.1.1.1 Cisco SD WAN Vmanage 20.1.12 Cisco Catalyst SD WAN Manager 20.3.1	41

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Packetstorm

data source	https://packetstormsecurity.com/files/download/157896/vmwarevcenter67-bypass.txt
id	PACKETSTORM:157896
last seen	2020-06-03
published	2020-06-02
reporter	Photubias
source	https://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html
title	VMware vCenter Server 6.7 Authentication Bypass

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanuafw-ZHkdGGEy