"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2020-07-31 01:01:35 +00:00 · 2020-07-31 01:01:35 +00:00 · b23ee526e7
commit b23ee526e7
parent 2e42e9f19c
11 changed files with 22 additions and 22 deletions
--- a/2020/3xxx/CVE-2020-3374.json
+++ b/2020/3xxx/CVE-2020-3374.json
@ -36,7 +36,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": " A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The vulnerability is due to insufficient authorization checking on the affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system. "
+                "value": "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The vulnerability is due to insufficient authorization checking on the affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. The attacker may be able to access sensitive information, modify the system configuration, or impact the availability of the affected system."
            }
        ]
    },
@ -83,4 +83,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2020/3xxx/CVE-2020-3375.json
+++ b/2020/3xxx/CVE-2020-3375.json
@ -36,7 +36,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": " A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user. "
+                "value": "A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user."
            }
        ]
    },
@ -83,4 +83,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2020/3xxx/CVE-2020-3376.json
+++ b/2020/3xxx/CVE-2020-3376.json
@ -36,7 +36,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "\r A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device.\r The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions within the Cisco DCNM.\r "
+                "value": "A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions on an affected device. The vulnerability is due to a failure in the software to perform proper authentication. An attacker could exploit this vulnerability by browsing to one of the hosted URLs in Cisco DCNM. A successful exploit could allow the attacker to interact with and use certain functions within the Cisco DCNM."
            }
        ]
    },
@ -83,4 +83,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2020/3xxx/CVE-2020-3377.json
+++ b/2020/3xxx/CVE-2020-3377.json
@ -36,7 +36,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": " A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted arguments to a specific field within the application. A successful exploit could allow the attacker to run commands as the administrator on the DCNM. "
+                "value": "A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted arguments to a specific field within the application. A successful exploit could allow the attacker to run commands as the administrator on the DCNM."
            }
        ]
    },
@ -83,4 +83,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2020/3xxx/CVE-2020-3382.json
+++ b/2020/3xxx/CVE-2020-3382.json
@ -36,7 +36,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "\r A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device.\r The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.\r "
+                "value": "A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a static encryption key. An attacker could exploit this vulnerability by using the static key to craft a valid session token. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges."
            }
        ]
    },
@ -83,4 +83,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2020/3xxx/CVE-2020-3383.json
+++ b/2020/3xxx/CVE-2020-3383.json
@ -36,7 +36,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "\r A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device.\r The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privileges of the logged-in user.\r "
+                "value": "A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privileges of the logged-in user."
            }
        ]
    },
@ -83,4 +83,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2020/3xxx/CVE-2020-3384.json
+++ b/2020/3xxx/CVE-2020-3384.json
@ -36,7 +36,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "\r A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user.\r The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to inject arbitrary commands on the underlying operating system.\r "
+                "value": "A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to inject arbitrary commands on the underlying operating system."
            }
        ]
    },
@ -83,4 +83,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2020/3xxx/CVE-2020-3386.json
+++ b/2020/3xxx/CVE-2020-3386.json
@ -36,7 +36,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "\r A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device.\r The vulnerability is due to insufficient authorization of certain API functions. An attacker could exploit this vulnerability by sending a crafted request to the API using low-privileged credentials. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges.\r "
+                "value": "A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions. An attacker could exploit this vulnerability by sending a crafted request to the API using low-privileged credentials. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges."
            }
        ]
    },
@ -83,4 +83,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2020/3xxx/CVE-2020-3460.json
+++ b/2020/3xxx/CVE-2020-3460.json
@ -36,7 +36,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "\r A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by intercepting a request from a user and injecting malicious data into an HTTP header. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.\r "
+                "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by intercepting a request from a user and injecting malicious data into an HTTP header. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
            }
        ]
    },
@ -83,4 +83,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2020/3xxx/CVE-2020-3461.json
+++ b/2020/3xxx/CVE-2020-3461.json
@ -36,7 +36,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "\r A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device.\r The vulnerability is due to missing authentication on a specific part of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface. A successful exploit could allow the attacker to read confidential information from an affected device.\r "
+                "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface. A successful exploit could allow the attacker to read confidential information from an affected device."
            }
        ]
    },
@ -83,4 +83,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}
--- a/2020/3xxx/CVE-2020-3462.json
+++ b/2020/3xxx/CVE-2020-3462.json
@ -36,7 +36,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "\r A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.\r The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database.\r "
+                "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database."
            }
        ]
    },
@ -83,4 +83,4 @@
        ],
        "discovery": "INTERNAL"
    }
-}
+}