{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T09:04:05.320","vulnerabilities":[{"cve":{"id":"CVE-2020-3450","sourceIdentifier":"psirt@cisco.com","published":"2020-07-16T18:15:19.753","lastModified":"2024-11-21T05:31:05.513","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the web-based management interface and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data that is stored in the underlying database, including hashed user credentials. To exploit this vulnerability, an attacker would need valid administrative credentials."},{"lang":"es","value":"Una vulnerabilidad en la interfaz de administración basada en web de Cisco Vision Dynamic Signage Director podría permitir a un atacante remoto autenticado con credenciales administrativas llevar a cabo ataques de inyección SQL sobre un sistema afectado. La vulnerabilidad es debido a una comprobación inapropiada de los parámetros enviados por el usuario. Un atacante podría explotar esta vulnerabilidad autenticándose en la interfaz de administración basada en web y enviando peticiones maliciosas a un sistema afectado. Una explotación con éxito podría permitir al atacante obtener datos que están almacenados en la base de datos subyacente, incluyendo las credenciales de usuario en hash. Para explotar esta vulnerabilidad, un atacante necesitaría credenciales administrativas válidas"}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:vision_dynamic_signage_director:*:*:*:*:*:*:*:*","versionEndExcluding":"6.2.0","matchCriteriaId":"E93E33BA-3B7B-4AE6-9524-997E4EF17473"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:vision_dynamic_signage_director:6.2.0:-:*:*:*:*:*:*","matchCriteriaId":"0E9D9D82-2082-4127-9526-D05EE9547577"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:vision_dynamic_signage_director:6.2.0:sp1:*:*:*:*:*:*","matchCriteriaId":"FD412C57-3DB3-4D46-B48A-39348157E977"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:vision_dynamic_signage_director:6.2.0:sp2:*:*:*:*:*:*","matchCriteriaId":"FF7B8D97-A800-4D89-A952-3C1DE419D938"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:vision_dynamic_signage_director:6.2.0:sp3:*:*:*:*:*:*","matchCriteriaId":"F656F305-6069-4132-AC4A-A8C4146EB433"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:vision_dynamic_signage_director:6.2.0:sp4:*:*:*:*:*:*","matchCriteriaId":"34CEA4BF-2040-4FE9-8DF7-D8145D5D9809"}]}]}],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-visio-dir-sql-inj-fPm3MPfT","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-visio-dir-sql-inj-fPm3MPfT","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}