8.6

CVE-2020-3351

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit this vulnerability by sending crafted UDP messages to the targeted system. A successful exploit could allow the attacker to cause services on the device to fail, resulting in a DoS condition that could impact the targeted device and other devices that depend on it.

Data is provided by the National Vulnerability Database (NVD)
CiscoSd-wan Firmware Version < 17.2.7
   CiscoVedge 100 Version-
   CiscoVedge 1000 Version-
   CiscoVedge 100b Version-
   CiscoVedge 100m Version-
   CiscoVedge 100wm Version-
   CiscoVedge 2000 Version-
   CiscoVedge 5000 Version-
CiscoSd-wan Firmware Version >= 17.2.8 < 18.3.0
   CiscoVedge 100 Version-
   CiscoVedge 1000 Version-
   CiscoVedge 100b Version-
   CiscoVedge 100m Version-
   CiscoVedge 100wm Version-
   CiscoVedge 2000 Version-
   CiscoVedge 5000 Version-
CiscoVedge Cloud Router Version-
CiscoVsmart Controller Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.56% 0.657
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
psirt@cisco.com 8.6 3.9 4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.