CVE-2020-3264Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Sd-wan Firmware

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow4 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 65.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wan FirmwareCisco Sd-wan Solution
Timeline
PublishedMar 19
Latest updateMay 24

Description

A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

NVDcisco/sd-wan_firmware19.2.019.2.2+3

🔴Vulnerability Details

2
GHSA
GHSA-q7p4-5vmg-rr2r: A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device2022-05-24
CVEList
Cisco SD-WAN Solution Buffer Overflow Vulnerability2020-03-19

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Solution Buffer Overflow Vulnerability2020-03-18
CVE-2020-3264 — Cisco Sd-wan Firmware vulnerability | cvebase