Vulnerability Details CVE-2020-3180
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to an affected system by using this account. A successful exploit could allow the attacker to log in by using this account with root privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.2%
CVSS Severity
CVSS v3 Score 8.4
CVSS v2 Score 7.2
References
Products affected by CVE-2020-3180
-
cpe:2.3:a:cisco:sd-wan:18.3.0
-
cpe:2.3:a:cisco:sd-wan:18.3.1
-
cpe:2.3:a:cisco:sd-wan:18.3.2
-
cpe:2.3:a:cisco:sd-wan:18.3.3
-
cpe:2.3:a:cisco:sd-wan:18.3.4
-
cpe:2.3:a:cisco:sd-wan:18.3.5
-
cpe:2.3:a:cisco:sd-wan:18.4.0
-
cpe:2.3:a:cisco:sd-wan:18.4.1
-
cpe:2.3:a:cisco:sd-wan:18.4.3
-
cpe:2.3:a:cisco:sd-wan:18.4.4
-
cpe:2.3:a:cisco:sd-wan:19.2.0
-
cpe:2.3:a:cisco:sd-wan:19.2.1
-
cpe:2.3:h:cisco:1100-4g_integrated_services_router:-
-
cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-
-
cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-
-
cpe:2.3:h:cisco:1100-6g_integrated_services_router:-
-
cpe:2.3:h:cisco:1100_integrated_services_router:-
-
cpe:2.3:h:cisco:vedge_1000:-
-
cpe:2.3:h:cisco:vedge_100:-
-
cpe:2.3:h:cisco:vedge_100b:-
-
cpe:2.3:h:cisco:vedge_100m:-
-
cpe:2.3:h:cisco:vedge_100wm:-
-
cpe:2.3:h:cisco:vedge_2000:-
-
cpe:2.3:h:cisco:vedge_5000:-