CyberSec.Space Logo
Back to CVE Browser

CVE-2020-3140

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0100%
EPSS Percentile29.92th
PublishedJul 16, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system. The attacker needs a valid username to exploit this vulnerability.

Affected Platforms (CPE)

📦
Cisco

Prime License Manager

<= 10.5\(2\)su9
📦
Cisco

Prime License Manager

>= 11.0 and <= 11.5\(1\)su6

References & Advisories

🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-prime-priv-esc-HyhwdzBA
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-prime-priv-esc-HyhwdzBA

Related Vulnerabilities

CVE-2018-154419.4

A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to ...

CVE-2021-13628.8

A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Man...

CVE-2017-67797.5

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaborati...

CVE-2021-12264.3

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Sessi...