CVE-2020-3595
Description
A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could exploit this vulnerability by executing the affected command on an affected system. A successful exploit could allow the attacker to gain root privileges.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.027
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco SD-WAN Software Privilege Escalation Vulnerability For Cisco vEdge Router | NCM |
| Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-3595) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705270 | Security Update for Cisco vEdge Router sdwan-19.2.2 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234