ByteOS Network

NVD Vulnerability Details :

CVE-2020-3264

Analyzed

Source-ykramarz@cisco.com

Published At-19 Mar, 2020 | 16:15

Updated At-23 May, 2023 | 13:55

A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Secondary	3.0	7.1	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary	2.0	6.6	MEDIUM	AV:L/AC:L/Au:N/C:C/I:C/A:N

Type: Primary

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Type: Secondary

Version: 3.0

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Type: Primary

Version: 2.0

Base score: 6.6

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:C/I:C/A:N

CWE ID	Type	Source
CWE-120	Primary	nvd@nist.gov
CWE-119	Secondary	ykramarz@cisco.com

Hyperlink	Source	Resource
https://github.com/orangecertcc/security-research/security/advisories/GHSA-wwq2-pxrj-v62r	ykramarz@cisco.com	Exploit Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanbo-QKcABnS2	ykramarz@cisco.com	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History