CVE-2020-3598: Cisco Vision Dynamic Signage Director Missing Authentication Vulnerability
First published: Thu Oct 08 2020(Updated: )
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to read confidential information or make configuration changes.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Vision Dynamic Signage Director | <6.2.0 | |
| Cisco Vision Dynamic Signage Director | =6.2.0 | |
| Cisco Vision Dynamic Signage Director | =6.2.0-sp1 | |
| Cisco Vision Dynamic Signage Director | =6.2.0-sp2 | |
| Cisco Vision Dynamic Signage Director | =6.2.0-sp3 | |
| Cisco Vision Dynamic Signage Director | =6.2.0-sp4 | |
| Cisco Vision Dynamic Signage Director | =6.2.0-sp5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3598?
CVE-2020-3598 is a vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director that could allow an unauthenticated, remote attacker to access confidential information or make configuration changes.
How does CVE-2020-3598 affect Cisco Vision Dynamic Signage Director?
CVE-2020-3598 affects Cisco Vision Dynamic Signage Director by allowing an unauthenticated, remote attacker to access confidential information or make configuration changes.
What is the severity of CVE-2020-3598?
CVE-2020-3598 has a severity rating of medium.
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-3598?
The CWE ID for CVE-2020-3598 is 306.
How can I fix the vulnerability CVE-2020-3598?
To fix the vulnerability CVE-2020-3598, it is recommended to update Cisco Vision Dynamic Signage Director to version 6.2.0-sp5 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/title
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/event
- agent/description
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/cisco
- canonical/cisco vision dynamic signage director
- version/cisco vision dynamic signage director/6.2.0
- version/cisco vision dynamic signage director/6.2.0-sp1
- version/cisco vision dynamic signage director/6.2.0-sp2
- version/cisco vision dynamic signage director/6.2.0-sp3
- version/cisco vision dynamic signage director/6.2.0-sp4
- version/cisco vision dynamic signage director/6.2.0-sp5