ID

VAR-202005-0720


CVE

CVE-2020-3343


TITLE

Endpoints Linux Connector and Endpoints Mac Connector For software Cisco AMP Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005847

DESCRIPTION

A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. The program analyzes malware behavior and intent, the impact of threats, defense methods, and more. The program analyzes malware behavior and intent, the impact of threats, defense methods, and more

Trust: 1.71

sources: NVD: CVE-2020-3343 // JVNDB: JVNDB-2020-005847 // VULHUB: VHN-181468

AFFECTED PRODUCTS

vendor:ciscomodel:advanced malware protection for endpointsscope:lteversion:1.12.3.738

Trust: 1.0

vendor:ciscomodel:advanced malware protection for endpointsscope:lteversion:1.12.3.698

Trust: 1.0

vendor:ciscomodel:amp for endpointsscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-005847 // NVD: CVE-2020-3343

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3343
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3343
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005847
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202005-1085
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181468
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3343
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-005847
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181468
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3343
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3343
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-005847
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181468 // JVNDB: JVNDB-2020-005847 // CNNVD: CNNVD-202005-1085 // NVD: CVE-2020-3343 // NVD: CVE-2020-3343

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.9

problemtype:CWE-119

Trust: 1.0

sources: VULHUB: VHN-181468 // JVNDB: JVNDB-2020-005847 // NVD: CVE-2020-3343

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-1085

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202005-1085

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005847

PATCH

title:cisco-sa-amp4elinux-h33dkrvburl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp4elinux-h33dkrvb

Trust: 0.8

title:Cisco AMP for Endpoints Linux and Mac Connector Software Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119478

Trust: 0.6

sources: JVNDB: JVNDB-2020-005847 // CNNVD: CNNVD-202005-1085

EXTERNAL IDS

db:NVDid:CVE-2020-3343

Trust: 2.5

db:JVNDBid:JVNDB-2020-005847

Trust: 0.8

db:CNNVDid:CNNVD-202005-1085

Trust: 0.7

db:AUSCERTid:ESB-2020.1798

Trust: 0.6

db:NSFOCUSid:46752

Trust: 0.6

db:VULHUBid:VHN-181468

Trust: 0.1

sources: VULHUB: VHN-181468 // JVNDB: JVNDB-2020-005847 // CNNVD: CNNVD-202005-1085 // NVD: CVE-2020-3343

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-amp4elinux-h33dkrvb

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3343

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3343

Trust: 0.8

url:http://www.nsfocus.net/vulndb/46752

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1798/

Trust: 0.6

sources: VULHUB: VHN-181468 // JVNDB: JVNDB-2020-005847 // CNNVD: CNNVD-202005-1085 // NVD: CVE-2020-3343

SOURCES

db:VULHUBid:VHN-181468
db:JVNDBid:JVNDB-2020-005847
db:CNNVDid:CNNVD-202005-1085
db:NVDid:CVE-2020-3343

LAST UPDATE DATE

2024-11-23T22:33:26.908000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-181468date:2020-05-28T00:00:00
db:JVNDBid:JVNDB-2020-005847date:2020-06-23T00:00:00
db:CNNVDid:CNNVD-202005-1085date:2020-05-29T00:00:00
db:NVDid:CVE-2020-3343date:2024-11-21T05:30:50.510

SOURCES RELEASE DATE

db:VULHUBid:VHN-181468date:2020-05-22T00:00:00
db:JVNDBid:JVNDB-2020-005847date:2020-06-23T00:00:00
db:CNNVDid:CNNVD-202005-1085date:2020-05-20T00:00:00
db:NVDid:CVE-2020-3343date:2020-05-22T06:15:10.667