CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-3140

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0100%
EPSS Percentile29.92th
Published2020年7月16日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system. The attacker needs a valid username to exploit this vulnerability.

Affected Platforms (CPE)

📦
Cisco

Prime License Manager

<= 10.5\(2\)su9
📦
Cisco

Prime License Manager

>= 11.0 and <= 11.5\(1\)su6

References & Advisories

🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-prime-priv-esc-HyhwdzBA
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-prime-priv-esc-HyhwdzBA

相关漏洞威胁

CVE-2018-154419.4

A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to ...

CVE-2021-13628.8

A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Man...

CVE-2017-67797.5

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaborati...

CVE-2021-12264.3

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Sessi...