Rewterz Threat Advisory – CVE-2020-3391 – Cisco Digital Network Architecture Center Information Disclosure Vulnerability
July 3, 2020
Rewterz Threat Advisory – CVE-2020-3432 – Cisco AnyConnect Secure Mobility Client for Mac OS File Corruption Vulnerability
July 3, 2020
Severity
High
Analysis Summary
The affected product is vulnerable to a remote code execution attack that may allow an attacker to remotely execute arbitrary code. Successful exploitation of this vulnerability requires luring a user (on a host with the vulnerable IM component installed) to access a malicious website that instructs the user’s browser to load the vulnerable component before passing malicious input. This could cause the Display Services functionality to stop or malfunction.
Impact
Cross-site Scripting
Affected Vendors
ABB
Affected Products
- Versions prior to 5.1 Rev E/5.1 FP4 Rev E TC6
- Versions prior to 6.0.3.3 RU1
- Versions prior to 6.1 RU1
Remediation
Refer to the ICS advisory for the list of upgraded patches.