Vision Dynamic Signage Director
CVE-2020-3485
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because the web management software does not properly handle RBAC. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to view and delete certain screen content on the system that the attacker would not normally have privileges to access.
AnalysisAI
A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because the web management software does not properly handle RBAC. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to view and delete certain screen content on the system that the attacker would not normally have privileges to access. Affected products include: Cisco Vision Dynamic Signage Director.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remot
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenti
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenti
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenti
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authentica
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authentica
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authentica
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today