ID

VAR-202007-1041


CVE

CVE-2020-3375


TITLE

Cisco SD-WAN Solution Buffer error vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-009096

DESCRIPTION

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user. The device may also be put into a denial of service (DoS) state. Cisco SD-WAN Solution is a set of network expansion solutions from Cisco.

Trust: 1.71

sources: NVD: CVE-2020-3375 // JVNDB: JVNDB-2020-009096 // VULHUB: VHN-181500

AFFECTED PRODUCTS

vendor: cisco, model: sd-wan, scope: lt, version: 19.2.2

Trust: 1.0

vendor: cisco, model: ios xe sd-wan, scope: lte, version: 17.2.1

Trust: 1.0

vendor: cisco, model: sd-wan, scope: gte, version: 18.4.0

Trust: 1.0

vendor: cisco, model: ios xe sd-wan, scope: lte, version: 16.9.0

Trust: 1.0

vendor: cisco, model: sd-wan, scope: gte, version: 19.3.0

Trust: 1.0

vendor: cisco, model: sd-wan, scope: lte, version: 18.3.0

Trust: 1.0

vendor: cisco, model: sd-wan, scope: lt, version: 18.4.5

Trust: 1.0

vendor: cisco, model: ios xe sd-wan, scope: lte, version: 16.12.4

Trust: 1.0

vendor: cisco, model: sd-wan, scope: lt, version: 20.1.1

Trust: 1.0

vendor: cisco, model: ios xe sd-wan, scope: gte, version: 17.2.0

Trust: 1.0

vendor: cisco, model: ios xe sd-wan, scope: gte, version: 16.12.0

Trust: 1.0

vendor: cisco, model: sd-wan, scope: gte, version: 19.2.0

Trust: 1.0

vendor: cisco, model: ios xe sd-wan, scope: -, version: -

Trust: 0.8

vendor: cisco, model: sd-wan, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-009096 // NVD: CVE-2020-3375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3375
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3375
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-009096
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202007-1725
value: CRITICAL

Trust: 0.6

VULHUB: VHN-181500
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3375
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009096
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181500
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3375
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3375
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-009096
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181500 // JVNDB: JVNDB-2020-009096 // CNNVD: CNNVD-202007-1725 // NVD: CVE-2020-3375 // NVD: CVE-2020-3375

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

problemtype:CWE-20

Trust: 1.1

sources: VULHUB: VHN-181500 // JVNDB: JVNDB-2020-009096 // NVD: CVE-2020-3375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1725

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1725

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009096

PATCH

title: cisco-sa-sdbufof-h5f5VSeL, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL

Trust: 0.8

title: Cisco SD-WAN Solution Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125228

Trust: 0.6

sources: JVNDB: JVNDB-2020-009096 // CNNVD: CNNVD-202007-1725

EXTERNAL IDS

db: NVD, id: CVE-2020-3375

Trust: 2.5

db: JVNDB, id: JVNDB-2020-009096

Trust: 0.8

db: CNNVD, id: CNNVD-202007-1725

Trust: 0.7

db: NSFOCUS, id: 47826

Trust: 0.6

db: AUSCERT, id: ESB-2020.2599

Trust: 0.6

db: CNVD, id: CNVD-2020-43668

Trust: 0.1

db: VULHUB, id: VHN-181500

Trust: 0.1

sources: VULHUB: VHN-181500 // JVNDB: JVNDB-2020-009096 // CNNVD: CNNVD-202007-1725 // NVD: CVE-2020-3375

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdbufof-h5f5vsel

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3375

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3375

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2599/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47826

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-sd-wan-solution-software-code-execution-32972

Trust: 0.6

sources: VULHUB: VHN-181500 // JVNDB: JVNDB-2020-009096 // CNNVD: CNNVD-202007-1725 // NVD: CVE-2020-3375

SOURCES

db: VULHUB, id: VHN-181500
db: JVNDB, id: JVNDB-2020-009096
db: CNNVD, id: CNNVD-202007-1725
db: NVD, id: CVE-2020-3375

LAST UPDATE DATE

2024-08-14T14:50:36.624000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181500, date: 2021-08-06T00:00:00
db: JVNDB, id: JVNDB-2020-009096, date: 2020-10-19T00:00:00
db: CNNVD, id: CNNVD-202007-1725, date: 2021-08-09T00:00:00
db: NVD, id: CVE-2020-3375, date: 2021-08-06T18:49:58.017

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181500, date: 2020-07-31T00:00:00
db: JVNDB, id: JVNDB-2020-009096, date: 2020-10-19T00:00:00
db: CNNVD, id: CNNVD-202007-1725, date: 2020-07-29T00:00:00
db: NVD, id: CVE-2020-3375, date: 2020-07-31T00:15:12.850