First published: Thu Jul 16 2020
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to an affected system by using this account. A successful exploit could allow the attacker to log in by using this account with root privileges.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco SD-WAN | >=18.3.0<18.3.6 | |
Cisco 1100-4g Integrated Services Router | | |
Cisco 1100-4gltegb Integrated Services Router | | |
Cisco 1100-4gltena Integrated Services Router | | |
Cisco 1100-6g Integrated Services Router | | |
Cisco 1100 Integrated Services Router | | |
Cisco Vedge 100 | | |
Cisco Vedge 1000 | | |
Cisco Vedge 100b | | |
Cisco Vedge 100m | | |
Cisco Vedge 100wm | | |
Cisco Vedge 2000 | | |
Cisco Vedge 5000 | | |
Cisco SD-WAN | >=18.4.0<18.4.5 | |
Cisco SD-WAN | >=19.2.0<19.2.2 | |
The vulnerability ID is CVE-2020-3180.
CVE-2020-3180 has a severity level of 7.8 (high).
The affected software includes Cisco SD-WAN Solution Software versions between 18.3.0 and 18.3.6, versions between 18.4.0 and 18.4.5, and versions between 19.2.0 and 19.2.2.
CVE-2020-3180 is a vulnerability in Cisco SD-WAN Solution Software that allows an unauthenticated, local attacker to access an affected device using a default, static password.
No, Cisco 1100-4g Integrated Services Router is not vulnerable to CVE-2020-3180.