Vision Dynamic Signage Director
CVE-2020-3598
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to read confidential information or make configuration changes.
AnalysisAI
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes. The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to read confidential information or make configuration changes. Affected products include: Cisco Vision Dynamic Signage Director.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.
A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remot
A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dyn
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenti
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenti
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authentica
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authentica
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authentica
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today