CVE-2020-3164

CWE-20Improper Input Validation4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.8%
top 25.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Cisco Cisco WEB Security Appliance (wsa)Cisco Content Security Management ApplianceCisco Cloud Email Security+2 more
Timeline
PublishedMar 4
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific HTTP request headers. An attacker could exploit this vulnerability by sending a malformed HTT

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

CVEListV5cisco/cisco_web_security_appliance_(wsa)unspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-2whj-38mw-g8jm: A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), a2022-05-24
CVEList
Cisco ESA, Cisco WSA, and Cisco SMA GUI Denial of Service Vulnerability2020-03-04

📋Vendor Advisories

1
Cisco
Cisco ESA, Cisco WSA, and Cisco SMA GUI Denial of Service Vulnerability2020-03-04
CVE-2020-3164 (MEDIUM CVSS 5.3) | A vulnerability in the web-based ma | cvebase.io