CVE-2020-3598

Cisco Vision Dynamic Signage Director Missing Authentication Vulnerability

CVSS 6.5 MEDIUMEPSS 0.9%CWE-306

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

08 Oct 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to read confidential information or make configuration changes.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Cisco · Cisco Vision Dynamic Signage Director

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvdsd-missing-auth-rQO88rnj