First published: Thu Jul 16 2020
A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Sd-wan Firmware | <18.4.5 | |
Cisco Sd-wan Firmware | >=19.2.0, <19.2.3 | |
Cisco 1100-4g Integrated Services Router | | |
Cisco 1100-4gltegb Integrated Services Router | | |
Cisco 1100-4gltena Integrated Services Router | | |
Cisco 1100-6g Integrated Services Router | | |
Cisco Vedge 100 | | |
Cisco Vedge 1000 | | |
Cisco Vedge 100b | | |
Cisco Vedge 100m | | |
Cisco Vedge 100wm | | |
Cisco Vedge 2000 | | |
Cisco Vedge 5000 | | |
CVE-2020-3378 is a vulnerability in the web-based management interface for Cisco SD-WAN vManage Software that could allow an authenticated, remote attacker to execute arbitrary SQL queries.
CVE-2020-3378 has a severity rating of 4.3 out of 10.
The affected software versions are Cisco SD-WAN vManage Software releases earlier than 18.4.5, and releases from 19.2.0 up to but not including 19.2.3.
The CWE number for CVE-2020-3378 is CWE-89.
More information about CVE-2020-3378 can be found at the following link: [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sivm-M8wugR9O).