ID

VAR-202005-0691


CVE

CVE-2020-3246


TITLE

Injection vulnerability in Cisco Umbrella

Trust: 0.8

sources: JVNDB: JVNDB-2020-005203

DESCRIPTION

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to the browser of the user. There is an injection vulnerability in Cisco Umbrella. Information may be tampered with. Cisco Umbrella is a cloud security platform from Cisco. The platform protects against cyber threats such as phishing, malware, and ransomware.

Trust: 1.8

sources: NVD: CVE-2020-3246 // JVNDB: JVNDB-2020-005203 // VULHUB: VHN-181371 // VULMON: CVE-2020-3246

AFFECTED PRODUCTS

vendor: cisco, model: umbrella, scope: eq, version: *

Trust: 1.1

vendor: cisco, model: umbrella virtual appliance, scope: -, version: -

Trust: 0.8

sources: VULMON: CVE-2020-3246 // JVNDB: JVNDB-2020-005203 // NVD: CVE-2020-3246

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3246
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3246
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005203
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202005-216
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181371
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3246
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3246
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005203
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181371
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3246
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3246
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-005203
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181371 // VULMON: CVE-2020-3246 // JVNDB: JVNDB-2020-005203 // CNNVD: CNNVD-202005-216 // NVD: CVE-2020-3246 // NVD: CVE-2020-3246

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.9

problemtype:CWE-93

Trust: 1.0

sources: VULHUB: VHN-181371 // JVNDB: JVNDB-2020-005203 // NVD: CVE-2020-3246

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-216

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202005-216

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005203

PATCH

title: cisco-sa-umbrella-head-inject-n4QArJH, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-head-inject-n4QArJH

Trust: 0.8

title: Cisco Umbrella Repair measures for injecting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117818

Trust: 0.6

title: Cisco: Cisco Umbrella Carriage Return Line Feed Injection Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-umbrella-head-inject-n4QArJH

Trust: 0.1

title: The Register, url: https://www.theregister.co.uk/2020/05/07/cisco_may_patches/

Trust: 0.1

sources: VULMON: CVE-2020-3246 // JVNDB: JVNDB-2020-005203 // CNNVD: CNNVD-202005-216

EXTERNAL IDS

db: NVD, id: CVE-2020-3246

Trust: 2.6

db: JVNDB, id: JVNDB-2020-005203

Trust: 0.8

db: CNNVD, id: CNNVD-202005-216

Trust: 0.7

db: AUSCERT, id: ESB-2020.1619

Trust: 0.6

db: NSFOCUS, id: 47632

Trust: 0.6

db: CNVD, id: CNVD-2020-29596

Trust: 0.1

db: VULHUB, id: VHN-181371

Trust: 0.1

db: VULMON, id: CVE-2020-3246

Trust: 0.1

sources: VULHUB: VHN-181371 // VULMON: CVE-2020-3246 // JVNDB: JVNDB-2020-005203 // CNNVD: CNNVD-202005-216 // NVD: CVE-2020-3246

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-umbrella-head-inject-n4qarjh

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-3246

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3246

Trust: 0.8

url:http://www.nsfocus.net/vulndb/47632

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1619/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/74.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/181539

Trust: 0.1

sources: VULHUB: VHN-181371 // VULMON: CVE-2020-3246 // JVNDB: JVNDB-2020-005203 // CNNVD: CNNVD-202005-216 // NVD: CVE-2020-3246

SOURCES

db: VULHUB, id: VHN-181371
db: VULMON, id: CVE-2020-3246
db: JVNDB, id: JVNDB-2020-005203
db: CNNVD, id: CNNVD-202005-216
db: NVD, id: CVE-2020-3246

LAST UPDATE DATE

2024-11-23T22:58:17.053000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181371, date: 2020-05-12T00:00:00
db: VULMON, id: CVE-2020-3246, date: 2020-05-12T00:00:00
db: JVNDB, id: JVNDB-2020-005203, date: 2020-06-09T00:00:00
db: CNNVD, id: CNNVD-202005-216, date: 2020-08-12T00:00:00
db: NVD, id: CVE-2020-3246, date: 2024-11-21T05:30:38.950

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181371, date: 2020-05-06T00:00:00
db: VULMON, id: CVE-2020-3246, date: 2020-05-06T00:00:00
db: JVNDB, id: JVNDB-2020-005203, date: 2020-06-09T00:00:00
db: CNNVD, id: CNNVD-202005-216, date: 2020-05-06T00:00:00
db: NVD, id: CVE-2020-3246, date: 2020-05-06T17:15:12.480