CVE-2020-3351

Published: Jul 16, 2020Modified: Nov 21, 2024

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit this vulnerability by sending crafted UDP messages to the targeted system. A successful exploit could allow the attacker to cause services on the device to fail, resulting in a DoS condition that could impact the targeted device and other devices that depend on it.

Affected (4)

Products: Cisco: Sd Wan Firmware, Vedge Cloud Router, Vsmart Controller

3 products

Configuration A

2 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Cisco Sd Wan Firmware	Before 17.2.7
Cisco Sd Wan Firmware	From 17.2.8 to 18.3.0

Running on/with	Platform Versions
Cisco Vedge 100	All versions
Cisco Vedge 1000	All versions
Cisco Vedge 100b	All versions
Cisco Vedge 100m	All versions
Cisco Vedge 100wm	All versions
Cisco Vedge 2000	All versions
Cisco Vedge 5000	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Vedge Cloud Router	All versions
Cisco Vsmart Controller	All versions

Related CWEs

CWE-399

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-dos-KWOdyHnB

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-dos-KWOdyHnB

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.