CVE-2020-3490
published 2020-08-26

Priority: P4 · 31 · medium
CVSS 3.1: 4.9
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS: 3.04% (85.9th percentile)

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to read files on the underlying operating system with root privileges. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected system.

Affected

3 ranges
Vendor   Product                                      Version range   Fixed in
cisco    cisco_vision_dynamic_signage_director
cisco    vision_dynamic_signage_director
cisco    vision_dynamic_signage_director_path

CVSS provenance

nvd v3.1: 4.9 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
nvd v2.0: 6.8 MEDIUM (AV:N/AC:L/Au:S/C:C/I:N/A:N)
vendor_cisco: 4.9 MEDIUM