CVE-2020-3140Incorrect Authorization in Cisco Prime License Manager

CWE-255CWE-863Incorrect Authorization7 documents6 sources
Severity
9.8CRITICALNVD
EPSS
1.7%
top 17.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Prime License ManagerCisco Prime License Manager
Timeline
PublishedJul 16
Latest updateOct 20

Description

A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system. The attacker ne

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDcisco/prime_license_manager11.011.5\(1\)su6+1

🔴Vulnerability Details

3
OSV
libreoffice vulnerabilities2022-10-20
GHSA
GHSA-875h-7jq2-c5fp: A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain2022-05-24
CVEList
Cisco Prime License Manager Privilege Escalation Vulnerability2020-07-16

📋Vendor Advisories

1
Cisco
Cisco Prime License Manager Privilege Escalation Vulnerability2020-07-15

💬Community

2
Bugzilla
CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution2020-10-12
Bugzilla
CVE-2020-13920 activemq: improper authentication allows MITM attack2020-09-17
CVE-2020-3140 — Incorrect Authorization in Cisco | cvebase