Date: 2020-07-10T10:35:43.346Z
Vulnerabilities
Affected asset: cpe:/o:cisco:sg250x-24_firmware:2.5.0.90
Vulnerability details
CVE-2020-3297
Criticality: 10
Publication date
02/07/2020 07:15
09/07/2020 21:13
Summary
A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow
an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface.
The attacker could obtain the privileges of the hijacked session account, which could include administrator privileges on the device.
The vulnerability is due to the use of weak entropy generation for session identifier values. An attacker could exploit this vulnerability
to determine a current session identifier through brute force and reuse that session identifier to take over an ongoing session. In this
way, an attacker could take actions within the management interface with privileges up to the level of the administrative user.
Metrics
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Severity:
Security Intelligence Center - CiberSOC
Vulnerability Report by Asset