What is CVE-2020-3367?

CVE-2020-3367 is a medium-severity vulnerability in Cisco Web Security Appliance (Wsa), classified under OS Command Injection. CVSS score: 5.3/10. Published 2020-11-18.

How severe is CVE-2020-3367?

Medium severity. CVSS v3 base score is 5.3 out of 10.

RCE in Cisco Web Security Appliance (Wsa)

CVE-2020-3367

A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to roo…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.003 (54.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Cisco Web Security Appliance (Wsa) — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

20201118 Cisco Secure Web Appliance Privilege Escalation Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2020-3367?: CVE-2020-3367 is a medium-severity vulnerability in Cisco Web Security Appliance (Wsa), classified under OS Command Injection. CVSS score: 5.3/10. Published 2020-11-18.
How severe is CVE-2020-3367?: Medium severity. CVSS v3 base score is 5.3 out of 10.