cvelistv5 - cve-2020-3588

CVE-2020-3588 (GCVE-0-2020-3588)

Vulnerability from cvelistv5

Published

2020-11-06 18:16

Modified

2024-11-13 17:42

Severity ?

7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-22

Summary

A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization. This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sending malicious messages to the affected software by using the virtualization channel interface. A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user. Note: This vulnerability can be exploited only when Cisco Webex Meetings Desktop App is in a virtual desktop environment on a hosted virtual desktop (HVD) and is configured to use the Cisco Webex Meetings virtual desktop plug-in for thin clients.

References

URL

Tags

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ

vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Webex Meetings Desktop App	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:37:55.690Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20201104 Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T17:17:11.779771Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T17:42:34.777Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Webex Meetings Desktop App",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-11-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization. This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sending malicious messages to the affected software by using the virtualization channel interface. A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user. Note: This vulnerability can be exploited only when Cisco Webex Meetings Desktop App is in a virtual desktop environment on a hosted virtual desktop (HVD) and is configured to use the Cisco Webex Meetings virtual desktop plug-in for thin clients."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-06T18:16:48.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20201104 Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ"
        }
      ],
      "source": {
        "advisory": "cisco-sa-webex-vdi-qQrpBwuJ",
        "defect": [
          [
            "CSCvv52829"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-11-04T16:00:00",
          "ID": "CVE-2020-3588",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Webex Meetings Desktop App",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization. This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sending malicious messages to the affected software by using the virtualization channel interface. A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user. Note: This vulnerability can be exploited only when Cisco Webex Meetings Desktop App is in a virtual desktop environment on a hosted virtual desktop (HVD) and is configured to use the Cisco Webex Meetings virtual desktop plug-in for thin clients."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.3",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20201104 Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-webex-vdi-qQrpBwuJ",
          "defect": [
            [
              "CSCvv52829"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3588",
    "datePublished": "2020-11-06T18:16:48.357Z",
    "dateReserved": "2019-12-12T00:00:00.000Z",
    "dateUpdated": "2024-11-13T17:42:34.777Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2020-AVI-713

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

SD-WAN versions antérieures à 20.1.2
SD-WAN versions antérieures à 20.3.2
application Webex Meetings Desktop pour Windows 40.6.x versions antérieures à 40.6.9
application Webex Meetings Desktop pour Windows 40.8.x versions antérieures à 40.8.9
Webex Meetings sites 40.6.x versions antérieures à 40.6.11
Webex Meetings sites 40.8.x versions antérieures à 40.8.0
Webex Meetings Server 3.x versions antérieures à 3.0MR3 SP4
Webex Meetings Server 4.x versions antérieures à 4.0MR3 SP4
application Cisco AnyConnect Secure Mobility toutes versions avec les options "Auto Update" et "Enable Scripting" activées
Cisco IOS XR pour ASR 9000 versions antérieures à 6.5.2 avec une version de BIOS antérieure à 10.65, 14.35, 16.14, 17.34, 22.20, 30.23 ou 31.20 en fonction du matériel
Cisco IOS XR pour NCS 1000 versions antérieures à 7.1.1 avec une version de BIOS antérieure à 14.60
Cisco IOS XR pour NCS 540 versions antérieures à 7.2.1 avec une version de BIOS antérieure à 1.15
Cisco IOS XR pour NCS 560 versions antérieures à 6.6.3, 6.6.24 et 7.0.2 avec une version de BIOS antérieure à 0.14
Cisco IOS XR pour NCS 5000 versions antérieures à 7.2.1 avec une version de BIOS antérieure à 1.13 ou 1.14 en fonction du matériel
Cisco IOS XR pour NCS 5500 versions antérieures à 6.6.3 et 6.6.24 avec une version de BIOS antérieure à 9.30, 1.21 ou 1.12 en fonction du matériel

Les versions SD-WAN 18.x et 19.x sont également affectées et doivent faire l'objet d'une mise à jour vers les versions ci-dessus.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-vman-traversal-hQh24tmk du 04 novembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-webex-vdi-qQrpBwuJ du 04 novembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-vepegr-4xynYLUj du 04 novembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-vepeshlg-tJghOQcA du 04 novembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-vmanage-escalation-Jhqs5Skf du 04 novembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-vsoln-arbfile-gtsEYxns du 04 novembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-vepescm-BjgQm4vJ du 04 novembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-webex-nbr-NOS6FQ24 du 04 novembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-anyconnect-ipc-KfQO9QhK du 04 novembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2 du 04 novembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-voip-phone-flood-dos-YnU9EXOv du 04 novembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-vepestd-8C3J9Vc du 04 novembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-anyconnect-ipc-KfQO9QhK du 04 février 2020	-	other
Bulletin de sécurité Cisco cisco-sa-vepegr-4xynYLUj du 04 février 2020	-	other
Bulletin de sécurité Cisco cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2 du 04 février 2020	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eSD-WAN versions ant\u00e9rieures \u00e0 20.1.2\u003c/li\u003e \u003cli\u003eSD-WAN versions ant\u00e9rieures \u00e0 20.3.2\u003c/li\u003e \u003cli\u003eapplication Webex Meetings Desktop pour Windows 40.6.x versions ant\u00e9rieures \u00e0 40.6.9\u003c/li\u003e \u003cli\u003eapplication Webex Meetings Desktop pour Windows 40.8.x versions ant\u00e9rieures \u00e0 40.8.9\u003c/li\u003e \u003cli\u003eWebex Meetings sites 40.6.x versions ant\u00e9rieures \u00e0 40.6.11\u003c/li\u003e \u003cli\u003eWebex Meetings sites 40.8.x versions ant\u00e9rieures \u00e0 40.8.0\u003c/li\u003e \u003cli\u003eWebex Meetings Server 3.x versions ant\u00e9rieures \u00e0 3.0MR3 SP4\u003c/li\u003e \u003cli\u003eWebex Meetings Server 4.x versions ant\u00e9rieures \u00e0 4.0MR3 SP4\u003c/li\u003e \u003cli\u003e\u003cspan class=\"more\"\u003eapplication Cisco\u00a0AnyConnect Secure Mobility toutes versions avec les options \"Auto Update\" et \"Enable Scripting\" activ\u00e9es\u003c/span\u003e\u003c/li\u003e \u003cli\u003eCisco IOS XR pour ASR 9000 versions ant\u00e9rieures \u00e0 6.5.2 avec une version de BIOS ant\u00e9rieure \u00e0 10.65, 14.35, 16.14, 17.34, 22.20, 30.23 ou 31.20 en fonction du mat\u00e9riel\u003c/li\u003e \u003cli\u003eCisco IOS XR pour NCS 1000 versions ant\u00e9rieures \u00e0 7.1.1 avec une version de BIOS ant\u00e9rieure \u00e0 14.60\u003c/li\u003e \u003cli\u003eCisco IOS XR pour NCS 540 versions ant\u00e9rieures \u00e0 7.2.1 avec une version de BIOS ant\u00e9rieure \u00e0 1.15\u003c/li\u003e \u003cli\u003eCisco IOS XR pour NCS 560 versions ant\u00e9rieures \u00e0 6.6.3, 6.6.24 et 7.0.2 avec une version de BIOS ant\u00e9rieure \u00e0 0.14\u003c/li\u003e \u003cli\u003eCisco IOS XR pour NCS 5000 versions ant\u00e9rieures \u00e0 7.2.1 avec une version de BIOS ant\u00e9rieure \u00e0 1.13 ou 1.14 en fonction du mat\u00e9riel\u003c/li\u003e \u003cli\u003eCisco IOS XR pour NCS 5500 versions ant\u00e9rieures \u00e0 6.6.3 et 6.6.24 avec une version de BIOS ant\u00e9rieure \u00e0 9.30, 1.21 ou 1.12 en fonction du mat\u00e9riel\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes versions SD-WAN 18.x et 19.x sont \u00e9galement affect\u00e9es et doivent faire l\u0027objet d\u0027une mise \u00e0 jour vers les versions ci-dessus.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-3284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3284"
    },
    {
      "name": "CVE-2020-3600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3600"
    },
    {
      "name": "CVE-2020-3556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3556"
    },
    {
      "name": "CVE-2020-26074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26074"
    },
    {
      "name": "CVE-2020-3574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3574"
    },
    {
      "name": "CVE-2020-3595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3595"
    },
    {
      "name": "CVE-2020-26071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26071"
    },
    {
      "name": "CVE-2020-3593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3593"
    },
    {
      "name": "CVE-2020-3603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3603"
    },
    {
      "name": "CVE-2020-3573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3573"
    },
    {
      "name": "CVE-2020-3604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3604"
    },
    {
      "name": "CVE-2020-26073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26073"
    },
    {
      "name": "CVE-2020-3588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3588"
    }
  ],
  "initial_release_date": "2020-11-05T00:00:00",
  "last_revision_date": "2020-11-06T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-anyconnect-ipc-KfQO9QhK du 04 f\u00e9vrier 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vepegr-4xynYLUj du 04 f\u00e9vrier 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepegr-4xynYLUj"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2 du 04 f\u00e9vrier 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2"
    }
  ],
  "reference": "CERTFR-2020-AVI-713",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-11-05T00:00:00.000000"
    },
    {
      "description": "ajout des syst\u00e8mes affect\u00e9s manquants et correction de dates erron\u00e9es",
      "revision_date": "2020-11-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vman-traversal-hQh24tmk du 04 novembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webex-vdi-qQrpBwuJ du 04 novembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vepegr-4xynYLUj du 04 novembre 2020",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vepeshlg-tJghOQcA du 04 novembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepeshlg-tJghOQcA"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vmanage-escalation-Jhqs5Skf du 04 novembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vsoln-arbfile-gtsEYxns du 04 novembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vepescm-BjgQm4vJ du 04 novembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepescm-BjgQm4vJ"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webex-nbr-NOS6FQ24 du 04 novembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-nbr-NOS6FQ24"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-anyconnect-ipc-KfQO9QhK du 04 novembre 2020",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2 du 04 novembre 2020",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-voip-phone-flood-dos-YnU9EXOv du 04 novembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vepestd-8C3J9Vc du 04 novembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepestd-8C3J9Vc"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-3588 (GCVE-0-2020-3588)

Vulnerability from cvelistv5

CERTFR-2020-AVI-713

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature