CVE-2020-3335 vulnerability in Cisco Products
Published on June 3, 2020
Cisco Application Services Engine Software Authorization Vulnerability
A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this vulnerability by logging in to an affected device locally with valid credentials. A successful exploit could allow the attacker to read the sensitive information of other users on the affected device.
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2020-3335
stack.watch emails you whenever new vulnerabilities are published in Cisco Application Policy Infrastructure Controller or Cisco Application Services Engine. Just hit a watch button to start following.
Affected Versions
Cisco Application Policy Infrastructure Controller (APIC) Version n/a is affected by CVE-2020-3335Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.