Welcome to Scribd!

Vulnerabilidades: Security Intelligence Center

Uploaded by

0% found this document useful (0 votes)

21 views2 pages

The document is a vulnerability report for an asset dated July 10, 2020. It reports on two vulnerabilities found in Cisco Small Business Smart and Managed Switch firmware version 2.5.0.90. The first vulnerability (CVE-2020-3297) with a severity score of 10 could allow an unauthenticated remote attacker to defeat authentication and gain unauthorized access to the management interface by brute forcing session IDs. The second vulnerability (CVE-2020-3121) has a severity score of 4.3.

Original Description:

Original Title

Cisco_firmware_2.5.0.90

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

21 views2 pages

Vulnerabilidades: Security Intelligence Center

Uploaded by

gusanito007

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 2

Search inside document

Security Intelligence Center

Informe de vulnerabilidades por Activo

Tipo de documento Informe de vulnerabilidades por Activo

Fecha 2020-07-10T10:35:43.346Z

Autor Security Intelligence Center

Clasi cación de Seguridad

Vulnerabilidades
Activo afectado: cpe:/o:cisco:sg250x-24_ rmware:2.5.0.90

Código CVE Criticidad Última Publicación

CVE-2020-3297 10 09/07/2020 21:13

CVE-2020-3121 4.3 31/01/2020 18:32

Detalle vulnerabilidades

CVE-2020-3297
Criticidad: 10

Fecha Publicación

02/07/2020 07:15

Fecha Última Modi cación

09/07/2020 21:13

Resumen

A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow
an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface.
The attacker could obtain the privileges of the highjacked session account, which could include administrator privileges on the device.
The vulnerability is due to the use of weak entropy generation for session identi er values. An attacker could exploit this vulnerability
to determine a current session identi er through brute force and reuse that session identi er to take over an ongoing session. In this
way, an attacker could take actions within the management interface with privileges up to the level of the administrative user.

Métricas

Version2.0 Base Score: 10

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C Severity:
Security Intelligence Center - CiberSOC
Informe de vulnerabilidades por Activo

Access VectorNETWORK Exploitability Score: 10

Access ComplexityLOW Impact Score: 10

AuthenticationNONE Obtain All Privilege: false

Con dentiality ImpactCOMPLETE ObtainUser Privilege: false

Integrity ImpactCOMPLETE ObtainOther Privilege: false

Availability ImpactCOMPLETE User Interaction Required: false

CEH: Certified Ethical Hacker v11 : Exam Cram Notes - First Edition - 2021
From Everand
CEH: Certified Ethical Hacker v11 : Exam Cram Notes - First Edition - 2021
IP Specialist
No ratings yet
CVE-2010-3978 Spree E-Commerce JSON Hijacking Vulnerabilities
Document5 pages
CVE-2010-3978 Spree E-Commerce JSON Hijacking Vulnerabilities
Conviso Application Security
No ratings yet
OWASP TOP 10 2017: Compliance Report
Document20 pages
OWASP TOP 10 2017: Compliance Report
Ngono Chrystelle
No ratings yet
Assignment 1 - CSCI2303-Threat Hunting Template
Document5 pages
Assignment 1 - CSCI2303-Threat Hunting Template
irdinazman01
No ratings yet
Developer HTTP Dev Ubk Polindra Ac Id Dashboard
Document59 pages
Developer HTTP Dev Ubk Polindra Ac Id Dashboard
Winda Jayatri
No ratings yet
Sample Report Web
Document19 pages
Sample Report Web
Muhammad Awais
No ratings yet
OWASP Top 10 2017 Https Cei Synerioncloud Com SynerionWeb Account Login
Document32 pages
OWASP Top 10 2017 Https Cei Synerioncloud Com SynerionWeb Account Login
Rishu Kumar
No ratings yet
Reporte Vulnerabilidad
Document17 pages
Reporte Vulnerabilidad
victor manuel diaz donoso
No ratings yet
ISO 27001 Compliance Report Summary/TITLE
Document22 pages
ISO 27001 Compliance Report Summary/TITLE
Ngono Chrystelle
No ratings yet
In The Wake of Solarwinds Compromise
Document10 pages
In The Wake of Solarwinds Compromise
alfred.x.andrews
No ratings yet
Developer HTTP Dev Ubk Polindra Ac Id Dashboard
Document99 pages
Developer HTTP Dev Ubk Polindra Ac Id Dashboard
Winda Jayatri
No ratings yet
Estadisticas de Vulnerabilidad 2021
Document31 pages
Estadisticas de Vulnerabilidad 2021
J Carlos S Alcocer
No ratings yet
ISO 27001 Compliance Report for Web Application Security Scan
Document464 pages
ISO 27001 Compliance Report for Web Application Security Scan
Abhishek Sahu
No ratings yet
ISO 27001 Compliance Report for Web Application Security Scan
Document464 pages
ISO 27001 Compliance Report for Web Application Security Scan
Abhishek Sahu
0% (1)
Developer All Vulnerabilities
Document225 pages
Developer All Vulnerabilities
optimium888
No ratings yet
IDS and IPS Technical Report (2005
Document6 pages
IDS and IPS Technical Report (2005
Liziane Tamm
No ratings yet
Cisco Small Business Routers Vulnerable To Authentication Bypass and Remote Code Execution
Document5 pages
Cisco Small Business Routers Vulnerable To Authentication Bypass and Remote Code Execution
spamkuakua
No ratings yet
Reporte de Seguridad Checkpoint - Security Checkup Feb 2 2023 08 00 18 586 AM
Document16 pages
Reporte de Seguridad Checkpoint - Security Checkup Feb 2 2023 08 00 18 586 AM
logan.paez.crist
No ratings yet
Secureworks E1 LearningfromIncidentResponseJan-Mar22
Document12 pages
Secureworks E1 LearningfromIncidentResponseJan-Mar22
TTS
No ratings yet
F5 Advanced WAF Golden Pitch0718
Document22 pages
F5 Advanced WAF Golden Pitch0718
Priyesh MP
No ratings yet
As 801 Fundamentals of DotNET Application Security
Document109 pages
As 801 Fundamentals of DotNET Application Security
Austin Louis Andrade
No ratings yet
Ra CW TEMPLATE 23-24 - 7wcm2005-1
Document90 pages
Ra CW TEMPLATE 23-24 - 7wcm2005-1
Zamica Zamica
No ratings yet
NVD - Cve-2023-36802
Document3 pages
NVD - Cve-2023-36802
You
No ratings yet
Documento1 2
Document4 pages
Documento1 2
hajodocumento
No ratings yet
Final Cyber Security Book (2014-15)
Document188 pages
Final Cyber Security Book (2014-15)
Kartik Gulati
No ratings yet
PentestTools WebsiteScanner Report
Document7 pages
PentestTools WebsiteScanner Report
Mario Sernaque Rumiche
No ratings yet
Vulnerability Assessment and Relevance of It in ISO 27001: Information Security Conference - ISO 27001
Document52 pages
Vulnerability Assessment and Relevance of It in ISO 27001: Information Security Conference - ISO 27001
Konrad Wisniewski
No ratings yet
Web VA - PdfStatement - 29-02-2024
Document50 pages
Web VA - PdfStatement - 29-02-2024
Kaushalya Jayakodi
No ratings yet
Ds Anti Bot
Document2 pages
Ds Anti Bot
Robert
No ratings yet
Astra Security - Sample Report For VAPT
Document30 pages
Astra Security - Sample Report For VAPT
Indian Opinion
No ratings yet
CVE Presentation
Document17 pages
CVE Presentation
shayan
No ratings yet
Lab - Researching Network Attacks and Security Audit Tools
Document4 pages
Lab - Researching Network Attacks and Security Audit Tools
Alvaro Avila Quiros
No ratings yet
Researching Network Attacks and Security Audit Tools
Document4 pages
Researching Network Attacks and Security Audit Tools
Axelle Carcache
No ratings yet
Developer
Document7 pages
Developer
Anonymous 9QZfmX3y
No ratings yet
Ank 126q PDF
Document92 pages
Ank 126q PDF
Claudio Ramirez
No ratings yet
Developer: Acunetix Security Audit
Document15 pages
Developer: Acunetix Security Audit
Cristian Ramirez
No ratings yet
Cyberops Undip
Document5 pages
Cyberops Undip
Adi
No ratings yet
TitusElian SBACyberOps FGADTS2019 Batch2
Document4 pages
TitusElian SBACyberOps FGADTS2019 Batch2
Titus Elian
50% (2)
cl0p Lockbit New Data Breaches Sector Alert
Document5 pages
cl0p Lockbit New Data Breaches Sector Alert
Suek Bana
No ratings yet
We All Are DevSecOps
Document54 pages
We All Are DevSecOps
qv56xvb2bc
No ratings yet
Watchguard SME Event July 2015
Document37 pages
Watchguard SME Event July 2015
duongtangsg
No ratings yet
WedgeARP AMB v2.1 Training - Module G - Operations
Document59 pages
WedgeARP AMB v2.1 Training - Module G - Operations
ahmed gaafar
No ratings yet
WebStrike PDF Report
Document4 pages
WebStrike PDF Report
Biswajit
No ratings yet
FaceTec_Liveness_Security_Report_Q2_2022
Document6 pages
FaceTec_Liveness_Security_Report_Q2_2022
galewela.com
No ratings yet
AVG Web Intelligence
Document9 pages
AVG Web Intelligence
shoaibyousuf
No ratings yet
CITS1003 6 Vulnerabilities
Document34 pages
CITS1003 6 Vulnerabilities
Phyo Min
No ratings yet
1.4.1.1 Lab - Researching Network Attacks and Security Audit Tools
Document4 pages
1.4.1.1 Lab - Researching Network Attacks and Security Audit Tools
safwan eshamasul
No ratings yet
KK-Threat Modelling Report
Document15 pages
KK-Threat Modelling Report
samiksha5singhal
No ratings yet
CyberOps 2019 Skills Assessment
Document6 pages
CyberOps 2019 Skills Assessment
edu maria
100% (2)
Secure Internet Banking With Visual Authentication Protocol: Saraswathi. R, Shanmathi. G, Preethi. P, Arul. U
Document3 pages
Secure Internet Banking With Visual Authentication Protocol: Saraswathi. R, Shanmathi. G, Preethi. P, Arul. U
International Journal of Scientific Research in Science, Engineering and Technology ( IJSRSET )
No ratings yet
2021 Network Security Report
Document9 pages
2021 Network Security Report
Heber Vazquez
No ratings yet
1.4.1.1 Lab - Researching Network Attacks and Security Audit Tools
Document4 pages
1.4.1.1 Lab - Researching Network Attacks and Security Audit Tools
Jordan Tobing
No ratings yet
SCADA Security Overview
Document16 pages
SCADA Security Overview
tevexin998
100% (1)
National Critical Infrastructure Protection Centre CVE Report Volume 5 Highlights Vulnerabilities
Document4 pages
National Critical Infrastructure Protection Centre CVE Report Volume 5 Highlights Vulnerabilities
Ravi Sankar
No ratings yet
Bugcrowd Vulnerability Rating Taxonomy 1.10
Document14 pages
Bugcrowd Vulnerability Rating Taxonomy 1.10
Ben
No ratings yet
End of Unit Quiz - Unit 1.6 System Security
Document12 pages
End of Unit Quiz - Unit 1.6 System Security
Maspi
No ratings yet
Analisis WEB PABELLON
Document93 pages
Analisis WEB PABELLON
Nelson Torres
No ratings yet
1.5.1.1 Lab - Researching Network Attacks and Security Audit Tools
Document4 pages
1.5.1.1 Lab - Researching Network Attacks and Security Audit Tools
Charlie Nevarez Witt
100% (1)
ITC263 S Lesson5
Document29 pages
ITC263 S Lesson5
lawerence
No ratings yet
Nischita Paudel N4
Document5 pages
Nischita Paudel N4
Nissita Pdl
No ratings yet
Fast Track 6 2 ILT Datasheet 1
Document1 page
Fast Track 6 2 ILT Datasheet 1
Swapnil Bankar
No ratings yet
PythonNotes Original
Document47 pages
PythonNotes Original
rationalthinkerdd
No ratings yet
Certified Penetration Testing Professional
Document5 pages
Certified Penetration Testing Professional
darknetbot307
No ratings yet
Content Log
Document7 pages
Content Log
lormull
No ratings yet
Configure ILO
Document3 pages
Configure ILO
saiful
No ratings yet
Azure Capacity Planning - Google Search - 11
Document2 pages
Azure Capacity Planning - Google Search - 11
sai vishnu vardhan
No ratings yet
Oracle Fusion Reporting - OTBI
Document10 pages
Oracle Fusion Reporting - OTBI
IBO Singapore
No ratings yet
CSC 104 Course Material
Document23 pages
CSC 104 Course Material
David Omagu
No ratings yet
3-Tier Architecture in C# - CodeProject
Document8 pages
3-Tier Architecture in C# - CodeProject
Rodrigo Varella Rahmi
No ratings yet
ITIL 4 Foundation - 7 Questions
Document50 pages
ITIL 4 Foundation - 7 Questions
timpu33
No ratings yet
PVF customer tracking system analysis
Document12 pages
PVF customer tracking system analysis
gouthamreddys
0% (1)
CiscoPrimeInfrastructure 3 4 0 UserGuide
Document960 pages
CiscoPrimeInfrastructure 3 4 0 UserGuide
Raymond Chin
No ratings yet
Flksmcls
Document98 pages
Flksmcls
thisisomj
No ratings yet
City Ordinance No. 079 2022 Establishing New Departments Division and Offices in The Admininistrative Structure of The CGT
Document24 pages
City Ordinance No. 079 2022 Establishing New Departments Division and Offices in The Admininistrative Structure of The CGT
Rhea Belga Zabala
No ratings yet
Status of Ecommerce in Nepal
Document4 pages
Status of Ecommerce in Nepal
Suraj Thapa
100% (1)
18CSC301J - Data Management Systems: Unit - 1: Session - 5: SLO - 1&2
Document9 pages
18CSC301J - Data Management Systems: Unit - 1: Session - 5: SLO - 1&2
Deena
No ratings yet
Customer Relationship Management: Customer Relationship Management (CRM) Is A Broad Term That Covers Concepts Used
Document46 pages
Customer Relationship Management: Customer Relationship Management (CRM) Is A Broad Term That Covers Concepts Used
kartheek_aldi
No ratings yet
Week 7 - Final
Document12 pages
Week 7 - Final
api-414181025
No ratings yet
Checkpoint Interview
Document18 pages
Checkpoint Interview
Kaushal Kishor
100% (1)
Unit 4 Ethical Hacking
Document17 pages
Unit 4 Ethical Hacking
pranavi mohite
No ratings yet
Perancangan Sistem Basisdata Erp (Entreprise Resource Planning) Pendidikan Tinggi Dengan Metode Soa (Services Oriented Architecture) Anief Rufiyanto
Document14 pages
Perancangan Sistem Basisdata Erp (Entreprise Resource Planning) Pendidikan Tinggi Dengan Metode Soa (Services Oriented Architecture) Anief Rufiyanto
Lukman Nulhakim
No ratings yet
Streaming Audio and Video: Presented by Mostafa Monwar
Document21 pages
Streaming Audio and Video: Presented by Mostafa Monwar
Imran CH
No ratings yet
6F13G Formation Ibm Sterling Control Center Managing Control Center PDF
Document1 page
6F13G Formation Ibm Sterling Control Center Managing Control Center PDF
CertyouFormation
No ratings yet
Ds Certified Application Developer
Document7 pages
Ds Certified Application Developer
anil
No ratings yet
Interviwe Questions Devops
Document61 pages
Interviwe Questions Devops
Hemanth Kumar
No ratings yet
Build A Static Website With Amazon S3 Activity
Document7 pages
Build A Static Website With Amazon S3 Activity
Rapherson Tineo
No ratings yet
Hadoop 2.0
Document20 pages
Hadoop 2.0
krishan Goyal
No ratings yet
Savitribaiphule Pune University Third Year of Computer Engineering (2015 Course) 410247:laboratory Practice Ii
Document3 pages
Savitribaiphule Pune University Third Year of Computer Engineering (2015 Course) 410247:laboratory Practice Ii
Deven
No ratings yet
Jis M 8101
Document25 pages
Jis M 8101
Anton De la rua
No ratings yet
Internet of Things
Document29 pages
Internet of Things
Rochelle Siolao
No ratings yet