CVE-2020-3180
published 2020-07-16CVE-2020-3180: A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to an affected system by using this account. A successful exploit could allow the attacker to log in by using this account with root privileges.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_sd-wan_vmanage | — | — |
| cisco | sd-wan | >= 18.3.0 < 18.3.6 | 18.3.6 |
| cisco | sd-wan | >= 18.4.0 < 18.4.5 | 18.4.5 |
| cisco | sd-wan | >= 19.2.0 < 19.2.2 | 19.2.2 |
| cisco | sd-wan_solution | — | — |