Lucene search

[email protected]NVD:CVE-2020-3351

HistoryJul 16, 2020 - 6:15 p.m.

CVE-2020-3351

2020-07-1618:15:17

CWE-399

CWE-400

[email protected]

web.nvd.nist.gov

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS

0.002

Percentile

52.7%

JSON

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit this vulnerability by sending crafted UDP messages to the targeted system. A successful exploit could allow the attacker to cause services on the device to fail, resulting in a DoS condition that could impact the targeted device and other devices that depend on it.

Affected configurations

Nvd

Node

ciscovedge_100Match-

ciscovedge_1000Match-

ciscovedge_100bMatch-

ciscovedge_100mMatch-

ciscovedge_100wmMatch-

ciscovedge_2000Match-

ciscovedge_5000Match-

AND

ciscosd-wan_firmwareRange<17.2.7

ciscosd-wan_firmwareRange17.2.8–18.3.0

Node

ciscovedge_cloud_routerMatch-

ciscovsmart_controllerMatch-

VendorProductVersionCPE
ciscovedge_100-cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*
ciscovedge_1000-cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*
ciscovedge_100b-cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*
ciscovedge_100m-cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*
ciscovedge_100wm-cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*
ciscovedge_2000-cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*
ciscovedge_5000-cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*
ciscosd-wan_firmware*cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:*
ciscovedge_cloud_router-cpe:2.3:a:cisco:vedge_cloud_router:-:*:*:*:*:*:*:*
ciscovsmart_controller-cpe:2.3:a:cisco:vsmart_controller:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	vedge_100	-	cpe:2.3:h:cisco:vedge_100:-:::::::*
cisco	vedge_1000	-	cpe:2.3:h:cisco:vedge_1000:-:::::::*
cisco	vedge_100b	-	cpe:2.3:h:cisco:vedge_100b:-:::::::*
cisco	vedge_100m	-	cpe:2.3:h:cisco:vedge_100m:-:::::::*
cisco	vedge_100wm	-	cpe:2.3:h:cisco:vedge_100wm:-:::::::*
cisco	vedge_2000	-	cpe:2.3:h:cisco:vedge_2000:-:::::::*
cisco	vedge_5000	-	cpe:2.3:h:cisco:vedge_5000:-:::::::*
cisco	sd-wan_firmware	*	cpe:2.3:o:cisco:sd-wan_firmware::::::::
cisco	vedge_cloud_router	-	cpe:2.3:a:cisco:vedge_cloud_router:-:::::::*
cisco	vsmart_controller	-	cpe:2.3:a:cisco:vsmart_controller:-:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-dos-KWOdyHnB

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS

0.002

Percentile

52.7%

JSON

Related for NVD:CVE-2020-3351

cve1 cvelist1 cisco1 prion1 nessus1