CVE-2020-3375

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:sd-wan::::::::
	cpe:2.3:a:cisco:sd-wan::::::::
	cpe:2.3:a:cisco:sd-wan::::::::
	cpe:2.3:a:cisco:sd-wan::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:cisco:ios_xe_sd-wan::::::::
	cpe:2.3:o:cisco:ios_xe_sd-wan::::::::
	cpe:2.3:o:cisco:ios_xe_sd-wan::::::::

History

06 Aug 2021, 18:49

Type	Values Removed	Values Added
CWE	~~CWE-119~~	CWE-20

Information

Published : 2020-07-31 00:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-3375

Mitre link : CVE-2020-3375

CVE.ORG link : CVE-2020-3375

JSON object : View

Products Affected

cisco

sd-wan
ios_xe_sd-wan

CWE

CWE-20

Improper Input Validation

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2020-3375", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-07-31T00:15:12.850", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user."}, {"lang": "es", "value": "Una vulnerabilidad en Cisco SD-WAN Solution Software podr\u00eda permitir a un atacante remoto no autenticado causar un desbordamiento del b\u00fafer sobre un dispositivo afectado. La vulnerabilidad es debido a una comprobaci\u00f3n de entrada insuficiente. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de tr\u00e1fico dise\u00f1ado hacia un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante obtener acceso a informaci\u00f3n a la que no est\u00e1 autorizado a acceder, realizar cambios en el sistema que no est\u00e1 autorizado para hacer y ejecutar comandos sobre un sistema afectado con privilegios del usuario root"}], "lastModified": "2021-08-06T18:49:58.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30119125-8E6B-4E21-ABD0-AE4023AC91A9", "versionEndIncluding": "18.3.0"}, {"criteria": "cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC62B7F1-C94F-4943-AF83-2DB6D7B1C710", "versionEndExcluding": "18.4.5", "versionStartIncluding": "18.4.0"}, {"criteria": "cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C11C806-7F69-49D3-A3F5-D6B2AA809D22", "versionEndExcluding": "19.2.2", "versionStartIncluding": "19.2.0"}, {"criteria": "cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD701074-76E0-477B-B0FF-085BC1DC69D6", "versionEndExcluding": "20.1.1", "versionStartIncluding": "19.3.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe_sd-wan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FABA82FB-C442-4CBC-BCE5-0AA465EFCBB1", "versionEndIncluding": "16.9.0"}, {"criteria": "cpe:2.3:o:cisco:ios_xe_sd-wan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2D0BCAA-C60C-47C8-92C7-991DE4E636E3", "versionEndIncluding": "16.12.4", "versionStartIncluding": "16.12.0"}, {"criteria": "cpe:2.3:o:cisco:ios_xe_sd-wan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1297BA8-9502-4D6E-8508-2396D7963887", "versionEndIncluding": "17.2.1", "versionStartIncluding": "17.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}