CVE-2020-3369

EPSS 1.16%
Veröffentlicht 16.07.2020 18:15:18
Zuletzt bearbeitet 21.11.2024 05:30:53
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP packets through an affected device. A successful exploit could allow the attacker to make the device reboot continuously, causing a DoS condition.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Sd-wan Firmware Version19.2.0

Cisco ≫ Vedge 5000 Version-

Cisco ≫ Sd-wan Firmware Version19.2.1

Cisco ≫ Vedge 5000 Version-

Cisco ≫ Sd-wan Firmware Version19.2.097

Cisco ≫ Vedge 5000 Version-

Cisco ≫ Sd-wan Firmware Version19.2.098

Cisco ≫ Vedge 5000 Version-

Cisco ≫ Vedge Cloud Router Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.16%	0.766

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C
psirt@cisco.com	8.6	3.9	4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-118 Incorrect Access of Indexable Resource ('Range Error')

The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3369

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3369

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3369

EUVD