CVE-2020-3180Insufficiently Protected Credentials in Cisco Sd-wan

CWE-264CWE-522Insufficiently Protected Credentials4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 73.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wanCisco Sd-wan Vmanage
Timeline
PublishedJul 16
Latest updateMay 24

Description

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to an affected system by using this account. A successful exploit could allow the attacker to log in by usin

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/sd-wan18.3.018.3.6+2

🔴Vulnerability Details

2
GHSA
GHSA-9f2x-x83c-j7w8: A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that2022-05-24
CVEList
Cisco SD-WAN Solution Software Static Credentials Vulnerability2020-07-16

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Solution Software Static Credentials Vulnerability2020-07-15
CVE-2020-3180 — Insufficiently Protected Credentials | cvebase