CVE-2020-3193

A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to obtain sensitive information about an affected device. The vulnerability exists because replies from the web-based management interface include unnecessary server information. An attacker could exploit this vulnerability by inspecting replies received from the web-based management interface. A successful exploit could allow the attacker to obtain details about the operating system, including the web server version that is running on the device, which could be used to perform further attacks.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prim-collab-disclo-FAnX4DKB	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:prime_collaboration_provisioning::::::::
	cpe:2.3:a:cisco:prime_collaboration_provisioning:12.6:-::::::
	cpe:2.3:a:cisco:prime_collaboration_provisioning:12.6:service_update1::::::

History

No history.

Information

Published : 2020-03-04 19:15

Updated : 2023-12-10 13:13

NVD link : CVE-2020-3193

Mitre link : CVE-2020-3193

CVE.ORG link : CVE-2020-3193

JSON object : View

Products Affected

cisco

prime_collaboration_provisioning

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2020-3193", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2020-03-04T19:15:13.727", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prim-collab-disclo-FAnX4DKB", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to obtain sensitive information about an affected device. The vulnerability exists because replies from the web-based management interface include unnecessary server information. An attacker could exploit this vulnerability by inspecting replies received from the web-based management interface. A successful exploit could allow the attacker to obtain details about the operating system, including the web server version that is running on the device, which could be used to perform further attacks."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Prime Collaboration Provisioning, podr\u00eda permitir a un atacante remoto no autenticado obtener informaci\u00f3n confidencial sobre un dispositivo afectado. La vulnerabilidad se presenta porque las respuestas de la interfaz de administraci\u00f3n basada en web incluyen informaci\u00f3n del servidor innecesaria. Un atacante podr\u00eda explotar esta vulnerabilidad mediante la inspecci\u00f3n de las respuestas recibidas de la interfaz de administraci\u00f3n basada en web. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante obtener detalles sobre el sistema operativo, incluyendo la versi\u00f3n del servidor web que se ejecuta en el dispositivo, lo que podr\u00eda ser usado para llevar a cabo m\u00e1s ataques."}], "lastModified": "2020-03-06T16:23:37.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F160E6D-398E-43BD-BA24-AA4E24281006", "versionEndExcluding": "12.6"}, {"criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:12.6:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4B6CCDF-7B55-4326-B106-BE2A6A5DEA1B"}, {"criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:12.6:service_update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "448BDBFE-43D2-4BFE-B127-26653AED9DE8"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}