CVE-2020-3140
Published 2020-07-16
Priority P267 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.08% (86.0th percentile)
A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system. The attacker needs a valid username to exploit this vulnerability.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_prime_license_manager | — | — |
| cisco | prime_license_manager | <= 10.5\(2\)su9 | — |
| cisco | prime_license_manager | — | — |
| cisco | prime_license_manager | 11.0 – 11.5\(1\)su6 | — |
| libreoffice | libreoffice | >= 0 < 1:6.0.7-0ubuntu0.18.04.12 | 1:6.0.7-0ubuntu0.18.04.12 |
| libreoffice | libreoffice | >= 0 < 1:6.4.7-0ubuntu0.20.04.6 | 1:6.4.7-0ubuntu0.20.04.6 |
| libreoffice | libreoffice | >= 0 < 1:7.3.6-0ubuntu0.22.04.2 | 1:7.3.6-0ubuntu0.22.04.2 |
Detection & IOCs
- The vulnerability requires a valid username to exploit. Monitor for authentication attempts using known or enumerated usernames against the Cisco PLM web management interface, especially those resulting in unexpected privilege escalation.
- Look for unauthenticated or anomalous requests to the Cisco Prime License Manager (PLM) web management interface that result in administrative-level access, indicative of exploitation of insufficient input validation.
- Track Cisco bug ID CSCvq97227 for patch status; unpatched Cisco PLM instances are the target surface for this privilege escalation vulnerability.
- The vulnerability is due to insufficient validation of user input on the web management interface. Ensure the PLM web management interface is not exposed to untrusted networks, as there are no workarounds available.
- Cisco confirms there are no workarounds for this vulnerability; patching via released software updates is the only remediation path.
CVSS provenance
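| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 5.3 | MEDIUM | |
| vendor_cisco | | 9.8 | CRITICAL | |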
OSV
libreoffice vulnerabilities
osv·2022-10-20·CVSS 5.3
CVE-2022-3140 libreoffice vulnerabilities
It was discovered that LibreOffice incorrectly handled links using the
Office URI Schemes. If a user were tricked into opening a specially
crafted document, a remote attacker could use this issue to execute
arbitrary scripts. (CVE-2022-3140)
Thomas Florian discovered that LibreOffice incorrectly handled crashes when
an encrypted document is open. If the document is recovered upon restarting
LibreOffice, subsequent saves of the document were unencrypted. This issue
only affected Ubuntu 18.04 LTS. (CVE-2020-12801)
Jens Müller discovered that LibreOffice incorrectly handled certain
documents containing forms. If a user were tricked into opening a specially
crafted document, a remote attacker could overwrite arbitrary files when
the form was submitted. This issue
GHSA
GHSA-875h-7jq2-c5fp: A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain
ghsa_unreviewed·2022-05-24
CVE-2020-3140 [HIGH] GHSA-875h-7jq2-c5fp: A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain
Cisco
Cisco Prime License Manager Privilege Escalation Vulnerability
vendor_cisco·2020-07-15·CVSS 9.8
CVE-2020-3140 [CRITICAL] CWE-255 Cisco Prime License Manager Privilege Escalation Vulnerability
A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.
The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system. The attacker needs a valid username to exploit this vulnerability.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https:/
Cisco
Cisco Prime License Manager Privilege Escalation Vulnerability
vendor_cisco·CVSS 3.0
CVE-2020-3140 Cisco Prime License Manager Privilege Escalation Vulnerability
CVE-2020-3140: Cisco Prime License Manager Privilege Escalation Vulnerability
A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system. The attacker needs a valid username to exploit this vulnerability. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.0
CWE: CWE-255
Bug IDs: CSCvq97227
Suricata
ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php ASCII
suricata·2010-07-30·CVSS 6.5
CVE-2007-3140 [MEDIUM] ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php ASCII"; flow:established,to_server; http.uri; content:"/xmlrpc.php?"; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-3140; reference:url,www.milw0rm.com/exploits/4039; classtype:web-application-attack; sid:2004658; rev:8; metadata:affected_product Web_Server_Applications, affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, tag Wordpress, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name
Suricata
ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php DELETE
suricata·2010-07-30·CVSS 6.5
CVE-2007-3140 [MEDIUM] ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php DELETE"; flow:established,to_server; http.uri; content:"/xmlrpc.php?"; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-3140; reference:url,www.milw0rm.com/exploits/4039; classtype:web-application-attack; sid:2004657; rev:8; metadata:affected_product Web_Server_Applications, affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, tag Wordpress, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name
Suricata
ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php UPDATE
suricata·2010-07-30·CVSS 6.5
CVE-2007-3140 [MEDIUM] ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php UPDATE"; flow:established,to_server; http.uri; content:"/xmlrpc.php?"; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2007-3140; reference:url,www.milw0rm.com/exploits/4039; classtype:web-application-attack; sid:2004659; rev:8; metadata:affected_product Web_Server_Applications, affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, tag Wordpress, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name I
Suricata
ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php INSERT
suricata·2010-07-30·CVSS 6.5
CVE-2007-3140 [MEDIUM] ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php INSERT"; flow:established,to_server; http.uri; content:"/xmlrpc.php?"; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-3140; reference:url,www.milw0rm.com/exploits/4039; classtype:web-application-attack; sid:2004656; rev:8; metadata:affected_product Web_Server_Applications, affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, tag Wordpress, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name
Suricata
ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php UNION SELECT
suricata·2010-07-30·CVSS 6.5
CVE-2007-3140 [MEDIUM] ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php UNION SELECT"; flow:established,to_server; http.uri; content:"/xmlrpc.php?"; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-3140; reference:url,www.milw0rm.com/exploits/4039; classtype:web-application-attack; sid:2004655; rev:8; metadata:affected_product Web_Server_Applications, affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, tag Wordpress, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre
Suricata
ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php SELECT
suricata·2010-07-30·CVSS 6.5
CVE-2007-3140 [MEDIUM] ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php SELECT"; flow:established,to_server; http.uri; content:"/xmlrpc.php?"; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-3140; reference:url,www.milw0rm.com/exploits/4039; classtype:web-application-attack; sid:2004654; rev:8; metadata:affected_product Web_Server_Applications, affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, tag Wordpress, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name
No public exploits indexed.
Bugzilla
CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution
bugzilla·2020-10-12·CVSS 8.1
CVE-2020-26945 [HIGH] CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution
MyBatis before 3.5.6 mishandles deserialization of object streams.
References:
https://github.com/mybatis/mybatis-3/compare/mybatis-3.5.5...mybatis-3.5.6
https://github.com/mybatis/mybatis-3/pull/2079
Discussion:
Created mybatis tracking bugs for this issue:
Affects: fedora-31 [bug 1887258]
---
This vulnerability is out of security support scope for the following product:
* Red Hat JBoss Fuse 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
---
This issue has been addressed in the following products:
Red Hat Fuse 7.9
Via RHSA-2021:3140 https://access.redhat.com/errata/RHSA-2021:3140
---
This bug is now closed. Furthe
Bugzilla
CVE-2020-13920 activemq: improper authentication allows MITM attack
bugzilla·2020-09-17·CVSS 5.9
CVE-2020-13920 [MEDIUM] CVE-2020-13920 activemq: improper authentication allows MITM attack
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and binds that, he effectively becomes a man in the middle and is able to intercept the credentials when a user connects. Upgrade to Apache ActiveMQ 5.15.12.
Reference:
http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt
Discussion:
This issue has been addressed in the following products:
Red Hat Fuse 7.9
Via RHSA-2021:3140 https://access.redhat.com/errata/RHSA-2021:3140