What is CVE-2020-3140?

CVE-2020-3140 is a vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software that could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.

How severe is CVE-2020-3140?

CVE-2020-3140 has a severity rating of 9.8 (Critical).

How does CVE-2020-3140 impact Cisco Prime License Manager (PLM) Software?

CVE-2020-3140 affects Cisco Prime License Manager (PLM) Software versions 10.5(2)su9 to 11.5(1)su6.

What is the Common Weakness Enumeration (CWE) ID for CVE-2020-3140?

CVE-2020-3140 is associated with CWE-863 and CWE-255.

How can I fix CVE-2020-3140?

To fix CVE-2020-3140, it is recommended to apply the necessary security patches provided by Cisco.

Vulnerability/
CVE-2020-3140

critical

CWE

863 255

16/7/2020

15/11/2024

CVE-2020-3140: Cisco Prime License Manager Privilege Escalation Vulnerability

First published: Thu Jul 16 2020(Updated: )

A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system. The attacker needs a valid username to exploit this vulnerability.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Prime License Manager	<=10.5\(2\)su9
Cisco Prime License Manager	>=11.0<=11.5\(1\)su6

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-prime-priv-esc-HyhwdzBA

Frequently Asked Questions

What is CVE-2020-3140?
CVE-2020-3140 is a vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software that could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.
How severe is CVE-2020-3140?
CVE-2020-3140 has a severity rating of 9.8 (Critical).
How does CVE-2020-3140 impact Cisco Prime License Manager (PLM) Software?
CVE-2020-3140 affects Cisco Prime License Manager (PLM) Software versions 10.5(2)su9 to 11.5(1)su6.
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-3140?
CVE-2020-3140 is associated with CWE-863 and CWE-255.
How can I fix CVE-2020-3140?
To fix CVE-2020-3140, it is recommended to apply the necessary security patches provided by Cisco.

collector/nvd-index
agent/weakness
agent/softwarecombine
agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/severity
agent/description
agent/first-publish-date
agent/title
agent/tags
agent/author
agent/event
vendor/cisco
canonical/cisco prime license manager
version/cisco prime license manager/10.5\(2\)su9
version/cisco prime license manager/11.0
version/cisco prime license manager/11.5\(1\)su6

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.