nvd-json-data-feeds/CVE-2020/CVE-2020-33xx/CVE-2020-3362.json

{
  "id": "CVE-2020-3362",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2020-06-18T03:15:14.607",
  "lastModified": "2021-08-06T18:50:52.433",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la CLI de Cisco Network Services Orchestrator (NSO), podr\u00eda permitir a un atacante local autenticado acceder a informaci\u00f3n confidencial sobre un dispositivo afectado. La vulnerabilidad es debido a un problema de sincronizaci\u00f3n en el procesamiento de los comandos de la CLI. Un atacante podr\u00eda explotar esta vulnerabilidad al ejecutar una secuencia espec\u00edfica de comandos en la CLI. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante leer la informaci\u00f3n de configuraci\u00f3n que normalmente ser\u00eda accesible solo para administradores"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV30": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "accessVector": "LOCAL",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    },
    {
      "source": "ykramarz@cisco.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "4.7.7.3",
              "matchCriteriaId": "EBCE3A91-9C74-4B30-9559-6DEBB45F3E5A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.1.0.1",
              "versionEndExcluding": "5.1.4.2",
              "matchCriteriaId": "41099C1F-E26C-4B42-8F51-4B6727D54246"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq",
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}