- Description
- A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B924F9AC-46FE-4587-AA9D-1CB6102F2DE2",
"versionEndExcluding": "20.6.3",
"versionStartIncluding": "20.4.1"
},
{
"criteria": "cpe:2.3:a:cisco:sd-wan:20.3.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C2FBD6B-5E9B-49B6-9832-49721EC2A809"
},
{
"criteria": "cpe:2.3:a:cisco:sd-wan:20.3.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55592EA0-64B8-4B4E-9908-A1282DE1279E"
},
{
"criteria": "cpe:2.3:a:cisco:sd-wan:20.3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12F6186F-0690-45B1-A22B-8331E2A4BF38"
},
{
"criteria": "cpe:2.3:a:cisco:sd-wan:20.7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65439145-5E94-4FF7-BEB3-C80BA4E4602F"
}
],
"operator": "OR"
}
]
}
]