CVE-2020-3385

EPSS 0.05%
Veröffentlicht 16.07.2020 18:15:19
Zuletzt bearbeitet 21.11.2024 05:30:55
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted packets through an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Sd-wan Firmware Version <= 18.3.0

Cisco ≫ Vedge 5000 Version-

Cisco ≫ Sd-wan Firmware Version >= 18.4.0 < 18.4.5

Cisco ≫ Vedge 5000 Version-

Cisco ≫ Sd-wan Firmware Version >= 19.2.0 < 19.2.3

Cisco ≫ Vedge 5000 Version-

Cisco ≫ Sd-wan Firmware Version >= 19.3.0 < 20.1.1

Cisco ≫ Vedge 5000 Version-

Cisco ≫ Vedge Cloud Router Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.16

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	6.1	6.5	6.9	AV:A/AC:L/Au:N/C:N/I:N/A:C
psirt@cisco.com	7.4	2.8	4	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vedgfpdos-PkqQrnwV

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3385

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3385

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3385

EUVD