Auth bypass in Cisco Application Policy Infrastructure Controller (APIC)

CVE-2020-3335

A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient author…

Vulnerability class: Broken Authentication

EPSS: 0.000 (14.1th percentile)

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Frequently asked questions

What is CVE-2020-3335?
CVE-2020-3335 is a medium-severity vulnerability in Cisco Application Policy Infrastructure Controller (APIC), classified under Missing Authentication for Critical Function. CVSS score: 5.5/10. Published 2020-06-03.

How severe is CVE-2020-3335?
Medium severity. CVSS v3 base score is 5.5 out of 10.