What is CVE-2020-3387?

CVE-2020-3387 is a high-severity vulnerability in Cisco Sd-wan Vmanage, classified under Improper Input Validation. CVSS score: 7.5/10. Published 2020-07-16.

How severe is CVE-2020-3387?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2020-3387 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Cisco Sd-wan Vmanage

CVE-2020-3387

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authenticati…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.392 (97.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Sd-wan Vmanage — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

20200715 Cisco SD-WAN vManage Software Remote Code Execution Vulnerability (vendor-advisory, x_refsource_CISCO)
packetstormsecurity.com/files/162958/Cisco-SD-WAN-vManage-19.2.2-Remote-Root.ht… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-3387?: CVE-2020-3387 is a high-severity vulnerability in Cisco Sd-wan Vmanage, classified under Improper Input Validation. CVSS score: 7.5/10. Published 2020-07-16.
How severe is CVE-2020-3387?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2020-3387 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.