CVE-2020-3369 — Range Error in Cisco Sd-wan Vedge Router

CWE-118 — Range Error4 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.2%

top 21.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Sd-wan Vedge Router Cisco Sd-wan Firmware

Timeline

PublishedJul 16

Latest updateMay 24

Description

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP packets through an affected device. A successful exploit could allow the attacker to make the device reboot continuously, causing a DoS condition.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_sd-wan_vedge_routern/a

▶NVDcisco/sd-wan_firmware4 versions+3

🔴Vulnerability Details

GHSA

GHSA-f3ch-8xx9-vh6w: A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a de↗2022-05-24

▶

CVEList

Cisco SD-WAN vEdge Routers Denial of Service Vulnerability↗2020-07-16

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN vEdge Routers Denial of Service Vulnerability↗2020-07-15

▶