← Back

CVE-2020-3264

nvd nist
Published: Mar 19, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.1
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.8 / Impact: 5.2
Source: NVD

Description

A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make.

Affected (4)

Cisco
1 product
Sd Wan Firmware
Configuration A
4 vulnerable · 14 platform
Vulnerable SoftwareAffected Versions
Cisco
Sd Wan Firmware
Before 18.4.5
Sd Wan Firmware
From 19.2.0 to 19.2.2
Sd Wan Firmware
Version 20.1.0
Sd Wan Firmware
Version 20.3.0
Running on/withPlatform Versions
Cisco
1100 4g Integrated Services Router
All versions
Cisco
1100 4gltegb Integrated Services Router
All versions
Cisco
1100 4gltena Integrated Services Router
All versions
Cisco
1100 6g Integrated Services Router
All versions
Cisco
Vedge 100
All versions
Cisco
Vedge 1000
All versions
Cisco
Vedge 100b
All versions
Cisco
Vedge 100m
All versions
Cisco
Vedge 100wm
All versions
Cisco
Vedge 2000
All versions
Cisco
Vedge 5000
All versions
Cisco
Vedge Cloud Router
All versions
Cisco
Vmanage Network Management System
All versions
Cisco
Vsmart Controller
All versions

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

Source: psirt@cisco.com
ExploitThird Party Advisory
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.