var-202005-0680
Vulnerability from variot
Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an HTTP request. An attacker could exploit these vulnerabilities by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page or to obtain sensitive browser-based information. This type of attack is commonly referred to as an open redirect attack and is used in phishing attacks to get users to unknowingly visit malicious sites. The device is mainly used to manage all strategies, reports, audit information, etc. of e-mail and Web security devices
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0680",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "content security management appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "13.6.0"
},
{
"model": "content security management appliance software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "content security management appliance",
"scope": "lt",
"trust": 0.6,
"vendor": "cisco",
"version": "13.6"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "8.3.6-039"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "9.1.0-31"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "9.1.0-103"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "9.6.6-068"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "9.7.0-006"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "12.0.1"
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "12.5.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27771"
},
{
"db": "VULMON",
"id": "CVE-2020-3178"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005191"
},
{
"db": "NVD",
"id": "CVE-2020-3178"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:content_security_management_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005191"
}
]
},
"cve": "CVE-2020-3178",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-3178",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005191",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-27771",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-181303",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-3178",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-3178",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-005191",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3178",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3178",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-005191",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-27771",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-201",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-181303",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-3178",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27771"
},
{
"db": "VULHUB",
"id": "VHN-181303"
},
{
"db": "VULMON",
"id": "CVE-2020-3178"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005191"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-201"
},
{
"db": "NVD",
"id": "CVE-2020-3178"
},
{
"db": "NVD",
"id": "CVE-2020-3178"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an HTTP request. An attacker could exploit these vulnerabilities by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page or to obtain sensitive browser-based information. This type of attack is commonly referred to as an open redirect attack and is used in phishing attacks to get users to unknowingly visit malicious sites. The device is mainly used to manage all strategies, reports, audit information, etc. of e-mail and Web security devices",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3178"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005191"
},
{
"db": "CNVD",
"id": "CNVD-2020-27771"
},
{
"db": "VULHUB",
"id": "VHN-181303"
},
{
"db": "VULMON",
"id": "CVE-2020-3178"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3178",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005191",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202005-201",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-27771",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1616",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-181303",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-3178",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27771"
},
{
"db": "VULHUB",
"id": "VHN-181303"
},
{
"db": "VULMON",
"id": "CVE-2020-3178"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005191"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-201"
},
{
"db": "NVD",
"id": "CVE-2020-3178"
}
]
},
"id": "VAR-202005-0680",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27771"
},
{
"db": "VULHUB",
"id": "VHN-181303"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27771"
}
]
},
"last_update_date": "2024-11-23T22:25:27.360000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-sma-opn-rdrct-yPPMdsMQ",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-opn-rdrct-yPPMdsMQ"
},
{
"title": "Patch for Cisco Content Security Management Appliance input validation error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/217139"
},
{
"title": "Cisco Content Security Management Appliance Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117805"
},
{
"title": "Cisco: Cisco Content Security Management Appliance Open Redirect Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-sma-opn-rdrct-yPPMdsMQ"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2020/05/07/cisco_may_patches/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27771"
},
{
"db": "VULMON",
"id": "CVE-2020-3178"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005191"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-201"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181303"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005191"
},
{
"db": "NVD",
"id": "CVE-2020-3178"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sma-opn-rdrct-yppmdsmq"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3178"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3178"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/cisco-content-security-management-appliance-open-redirect-32203"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1616/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/601.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181522"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27771"
},
{
"db": "VULHUB",
"id": "VHN-181303"
},
{
"db": "VULMON",
"id": "CVE-2020-3178"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005191"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-201"
},
{
"db": "NVD",
"id": "CVE-2020-3178"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-27771"
},
{
"db": "VULHUB",
"id": "VHN-181303"
},
{
"db": "VULMON",
"id": "CVE-2020-3178"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005191"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-201"
},
{
"db": "NVD",
"id": "CVE-2020-3178"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27771"
},
{
"date": "2020-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-181303"
},
{
"date": "2020-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3178"
},
{
"date": "2020-06-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005191"
},
{
"date": "2020-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-201"
},
{
"date": "2020-05-06T17:15:11.853000",
"db": "NVD",
"id": "CVE-2020-3178"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-27771"
},
{
"date": "2020-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-181303"
},
{
"date": "2020-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3178"
},
{
"date": "2020-06-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005191"
},
{
"date": "2020-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-201"
},
{
"date": "2024-11-21T05:30:29.420000",
"db": "NVD",
"id": "CVE-2020-3178"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-201"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Content Security Management Appliance input validation error vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-27771"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-201"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-201"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…