ByteOS Network

NVD Vulnerability Details :

CVE-2020-3369

Analyzed

Source-ykramarz@cisco.com

Published At-16 Jul, 2020 | 18:15

Updated At-24 Jul, 2020 | 15:21

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP packets through an affected device. A successful exploit could allow the attacker to make the device reboot continuously, causing a DoS condition.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary	3.0	8.6	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Primary	2.0	7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.0

Base score: 8.6

Base severity: HIGH

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 7.8

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:N/I:N/A:C

CPE Matches

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov
CWE-118	Secondary	ykramarz@cisco.com

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-118

Type: Secondary

Source: ykramarz@cisco.com

References

Hyperlink	Source	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f	ykramarz@cisco.com	Vendor Advisory

Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f

Source: ykramarz@cisco.com

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History