CVE-2020-3115

HIGH Year: 2020
CVSS v3 Score
8.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-264
View all →

Vulnerability Description

A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges.

Related Vulnerabilities

CVE-2010-5327

HIGH
CVSS:8.8(High)

Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.

CWE-2642010

CVE-2013-3632

HIGH
CVSS:8.8(High)

The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.

CWE-2642013

CVE-2014-0087

HIGH
CVSS:8.8(High)

The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authoriza...

CWE-2642014

CVE-2014-1946

HIGH
CVSS:8.8(High)

OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to thems...

CWE-2642014

CVE-2014-5070

HIGH
CVSS:8.8(High)

Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page.

CWE-2642014

CVE-2014-9695

HIGH
CVSS:8.8(High)

The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operation...

CWE-2642014