Sign-up

ID

VAR-202007-1041


CVE

CVE-2020-3375


TITLE

Cisco SD-WAN Solution Buffer error vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-009096

DESCRIPTION

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user. (DoS) It may be put into a state. Cisco SD-WAN Solution is a set of network expansion solutions of Cisco (Cisco)

Trust: 1.71

sources: NVD: CVE-2020-3375 // JVNDB: JVNDB-2020-009096 // VULHUB: VHN-181500

AFFECTED PRODUCTS

vendor:ciscomodel:sd-wanscope:ltversion:19.2.2

Trust: 1.0

vendor:ciscomodel:ios xe sd-wanscope:lteversion:17.2.1

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:18.4.0

Trust: 1.0

vendor:ciscomodel:ios xe sd-wanscope:lteversion:16.9.0

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:19.3.0

Trust: 1.0

vendor:ciscomodel:sd-wanscope:lteversion:18.3.0

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:18.4.5

Trust: 1.0

vendor:ciscomodel:ios xe sd-wanscope:lteversion:16.12.4

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:20.1.1

Trust: 1.0

vendor:ciscomodel:ios xe sd-wanscope:gteversion:17.2.0

Trust: 1.0

vendor:ciscomodel:ios xe sd-wanscope:gteversion:16.12.0

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:19.2.0

Trust: 1.0

vendor:ciscomodel:ios xe sd-wanscope: - version: -

Trust: 0.8

vendor:ciscomodel:sd-wanscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-009096 // NVD: CVE-2020-3375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3375
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3375
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-009096
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202007-1725
value: CRITICAL

Trust: 0.6

VULHUB: VHN-181500
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3375
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009096
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181500
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3375
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3375
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-009096
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181500 // JVNDB: JVNDB-2020-009096 // CNNVD: CNNVD-202007-1725 // NVD: CVE-2020-3375 // NVD: CVE-2020-3375

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-181500 // JVNDB: JVNDB-2020-009096 // NVD: CVE-2020-3375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1725

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1725

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009096

PATCH
title:cisco-sa-sdbufof-h5f5VSeLurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL
Trust: 0.8
title:Cisco SD-WAN Solution Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125228
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-009096 // 
            
            
            
            CNNVD: CNNVD-202007-1725

EXTERNAL IDS
db:NVDid:CVE-2020-3375
Trust: 2.5
db:JVNDBid:JVNDB-2020-009096
Trust: 0.8
db:CNNVDid:CNNVD-202007-1725
Trust: 0.7
db:NSFOCUSid:47826
Trust: 0.6
db:AUSCERTid:ESB-2020.2599
Trust: 0.6
db:CNVDid:CNVD-2020-43668
Trust: 0.1
db:VULHUBid:VHN-181500
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181500 // 
            
            
            
            JVNDB: JVNDB-2020-009096 // 
            
            
            
            CNNVD: CNNVD-202007-1725 // 
            
            
            
            NVD: CVE-2020-3375

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdbufof-h5f5vsel
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3375
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3375
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2599/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47826
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-sd-wan-solution-software-code-execution-32972
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181500 // 
            
            
            
            JVNDB: JVNDB-2020-009096 // 
            
            
            
            CNNVD: CNNVD-202007-1725 // 
            
            
            
            NVD: CVE-2020-3375

SOURCES
db:VULHUBid:VHN-181500
db:JVNDBid:JVNDB-2020-009096
db:CNNVDid:CNNVD-202007-1725
db:NVDid:CVE-2020-3375

LAST UPDATE DATE
2024-08-14T14:50:36.624000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181500date:2021-08-06T00:00:00
db:JVNDBid:JVNDB-2020-009096date:2020-10-19T00:00:00
db:CNNVDid:CNNVD-202007-1725date:2021-08-09T00:00:00
db:NVDid:CVE-2020-3375date:2021-08-06T18:49:58.017

SOURCES RELEASE DATE
db:VULHUBid:VHN-181500date:2020-07-31T00:00:00
db:JVNDBid:JVNDB-2020-009096date:2020-10-19T00:00:00
db:CNNVDid:CNNVD-202007-1725date:2020-07-29T00:00:00
db:NVDid:CVE-2020-3375date:2020-07-31T00:15:12.850