SB2020082506 - Multiple vulnerabilities in Cisco Connected Mobile Experiences

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020082506

SB2020082506 - Multiple vulnerabilities in Cisco Connected Mobile Experiences

Published: August 25, 2020

Security Bulletin ID SB2020082506
Severity
Low
Patch available
NO
Number of vulnerabilities 2
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Improper Authentication (CVE-ID: CVE-2020-3151)

The vulnerability allows a local user to bypass authentication process.

The vulnerability exists due to insufficient security mechanisms in the restricted shell implementation in the CLI. A local administrator can send specially crafted commands to the CLI, bypass authentication process and gain unauthorized access to the application.


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-3152)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A local administrator can send specially crafted commands to the CLI, elevate privileges and execute arbitrary commands on the underlying operating system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References