CVE-2020-3378: Cisco SD-WAN vManage Software SQL Injection Vulnerability
First published: Wed Jul 15 2020(Updated: )
A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Sd-wan Firmware | <18.4.5 | |
| Cisco Sd-wan Firmware | >=19.2.0<19.2.3 | |
| Cisco 1100-4g Integrated Services Router | ||
| Cisco 1100-4gltegb Integrated Services Router | ||
| Cisco 1100-4gltena Integrated Services Router | ||
| Cisco 1100-6g Integrated Services Router | ||
| Cisco Vedge 100 | ||
| Cisco Vedge 1000 | ||
| Cisco Vedge 100b | ||
| Cisco Vedge 100m | ||
| Cisco Vedge 100wm | ||
| Cisco Vedge 2000 | ||
| Cisco Vedge 5000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3378?
CVE-2020-3378 is a vulnerability in the web-based management interface for Cisco SD-WAN vManage Software that could allow an authenticated, remote attacker to execute arbitrary SQL queries.
How severe is CVE-2020-3378?
CVE-2020-3378 has a severity rating of 4.3 out of 10.
Which software versions are affected by CVE-2020-3378?
The affected software versions include Cisco SD-WAN vManage Software up to and including 18.4.5, and versions between 19.2.0 and 19.2.3.
What is the Common Weakness Enumeration (CWE) number for CVE-2020-3378?
The CWE number for CVE-2020-3378 is CWE-89.
Where can I find more information about CVE-2020-3378?
More information about CVE-2020-3378 can be found at the following link: [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sivm-M8wugR9O).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco sd-wan firmware
- version/cisco sd-wan firmware/19.2.0
- canonical/cisco 1100-4g integrated services router
- canonical/cisco 1100-4gltegb integrated services router
- canonical/cisco 1100-4gltena integrated services router
- canonical/cisco 1100-6g integrated services router
- canonical/cisco vedge 100
- canonical/cisco vedge 1000
- canonical/cisco vedge 100b
- canonical/cisco vedge 100m
- canonical/cisco vedge 100wm
- canonical/cisco vedge 2000
- canonical/cisco vedge 5000