CVE-2020-3362

CWE-200 — Information Exposure4 documents4 sources

Severity

4.7MEDIUM

EPSS

0.1%

top 81.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Network Services Orchestrator Cisco Cisco Network Services Orchestrator

Timeline

PublishedJun 18

Latest updateMay 24

Description

A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/network_services_orchestrator5.1.0.1 — 5.1.4.2+1

▶CVEListV5cisco/cisco_network_services_orchestratorn/a

🔴Vulnerability Details

GHSA

GHSA-jx7x-rhq6-mfr6: A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential informatio↗2022-05-24

▶

CVEList

Cisco Network Services Orchestrator Information Disclosure Vulnerability↗2020-06-18

▶

📋Vendor Advisories

Cisco

Cisco Network Services Orchestrator Information Disclosure Vulnerability↗2020-06-17

▶