CVE-2020-3264

CVE Database · CVE-2020-3264

CVE-2020-3264

· HIGHModified

CVSS v3.1

7.1

EPSS

0.73%

Published

Mar 19, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Weaknesses (CWE)

CWE-119CWE-120

Affected Products (18)

cisco · sd-wan_firmware (up to 18.4.5)vulnerable

cisco · sd-wan_firmware (up to 19.2.2)vulnerable

cisco · sd-wan_firmwarevulnerable

cisco · vedge_cloud_router

cisco · vmanage_network_management_system

cisco · vsmart_controller

cisco · 1100-4g_integrated_services_router