CVE-2020-3264

A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:sd-wan_firmware:20.1.0:*:*:*:*:*:*:*
cpe:2.3:o:cisco:sd-wan_firmware:20.3.0:*:*:*:*:*:*:*
OR cpe:2.3:a:cisco:vedge_cloud_router:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:vmanage_network_management_system:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*

History

23 May 2023, 13:55

Type Values Removed Values Added
First Time Cisco 1100-4gltegb Integrated Services Router
Cisco 1100-4g Integrated Services Router
Cisco 1100-6g Integrated Services Router
Cisco 1100-4gltena Integrated Services Router
CPE cpe:2.3:h:cisco:isr1100-4gltena:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr1100-6g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr1100-4gltegb:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr1100-4g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:*:*:*:*:*:*:*

19 Jul 2022, 11:50

Type Values Removed Values Added
CPE cpe:2.3:o:cisco:sd-wan_firmware:20.3.0:*:*:*:*:*:*:*
References (MISC) https://github.com/orangecertcc/security-research/security/advisories/GHSA-wwq2-pxrj-v62r - (MISC) https://github.com/orangecertcc/security-research/security/advisories/GHSA-wwq2-pxrj-v62r - Exploit, Third Party Advisory

22 Apr 2022, 16:15

Type Values Removed Values Added
References
  • (MISC) https://github.com/orangecertcc/security-research/security/advisories/GHSA-wwq2-pxrj-v62r -

17 Mar 2022, 16:05

Type Values Removed Values Added
CPE cpe:2.3:a:cisco:vmanage_network_management_system:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:vedge_cloud_router:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:sd-wan_firmware:20.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*
First Time Cisco vmanage Network Management System
Cisco vsmart Controller
Cisco vedge Cloud Router

Information

Published : 2020-03-19 16:15

Updated : 2023-12-10 13:27


NVD link : CVE-2020-3264

Mitre link : CVE-2020-3264

CVE.ORG link : CVE-2020-3264


JSON object : View

Products Affected

cisco

  • vedge_2000
  • vsmart_controller
  • 1100-4gltena_integrated_services_router
  • 1100-4gltegb_integrated_services_router
  • vedge_1000
  • vedge_cloud_router
  • vedge_5000
  • vedge_100m
  • vedge_100wm
  • vedge_100
  • 1100-6g_integrated_services_router
  • vmanage_network_management_system
  • sd-wan_firmware
  • vedge_100b
  • 1100-4g_integrated_services_router
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer