Rewterz Threat Advisory – CVE-2020-3446 – Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability
August 20, 2020
Rewterz Threat Alert – BLINDINGCAN Remote Access Trojan
August 20, 2020
Severity
Medium
Analysis Summary
The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files.
Impact
Overwrite arbitrary files
Affected Vendors
Cisco
Affected Products
Cisco Webex Meetings Desktop App for Windows releases earlier than Release 40.8
Remediation
Refer to the Cisco advisory for the list of affected products and their respective patches.