CVE-2020-3482

CWE-284Improper Access ControlCWE-269Improper Privilege Management4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 58.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco ExpresswayCisco Telepresence Video Communication ServerCisco Cisco Telepresence Video Communication Server (vcs) Expressway
Timeline
PublishedNov 18
Latest updateMay 24

Description

A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages3 packages

NVDcisco/expressway< x12.6.3

🔴Vulnerability Details

2
GHSA
GHSA-r379-mpqq-hxmh: A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote a2022-05-24
CVEList
Cisco Expressway Software Unauthorized Access Information Disclosure Vulnerability2020-11-18

📋Vendor Advisories

1
Cisco
Cisco Expressway Software TURN Server Configuration Issue2020-11-19
CVE-2020-3482 (MEDIUM CVSS 6.5) | A vulnerability in the Traversal Us | cvebase.io