← Back

CVE-2020-3372

nvd nist
Published: Jul 16, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to the affected web-based management interface. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and could result in a DoS condition.

Affected (2)

Cisco
1 product
Sd Wan Firmware
Configuration A
2 vulnerable · 11 platform
Vulnerable SoftwareAffected Versions
Cisco
Sd Wan Firmware
Before 19.2.3
Sd Wan Firmware
From 20.1.0 to 20.1.12
Running on/withPlatform Versions
Cisco
1100 4g Integrated Services Router
All versions
Cisco
1100 4gltegb Integrated Services Router
All versions
Cisco
1100 4gltena Integrated Services Router
All versions
Cisco
1100 6g Integrated Services Router
All versions
Cisco
Vedge 100
All versions
Cisco
Vedge 1000
All versions
Cisco
Vedge 100b
All versions
Cisco
Vedge 100m
All versions
Cisco
Vedge 100wm
All versions
Cisco
Vedge 2000
All versions
Cisco
Vedge 5000
All versions

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.