CVE-2020-3385 — Cisco Sd-wan Firmware vulnerability

CWE-3714 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 83.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Sd-wan Firmware Cisco Sd-wan Vedge Router

Timeline

PublishedJul 16

Latest updateMay 24

Description

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted packets through an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_sd-wan_vedge_routern/a

▶NVDcisco/sd-wan_firmware18.4.0 — 18.4.5+3

🔴Vulnerability Details

GHSA

GHSA-5975-gjm3-px87: A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a↗2022-05-24

▶

CVEList

Cisco SD-WAN vEdge Routers Denial of Service Vulnerability↗2020-07-16

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN vEdge Routers Denial of Service Vulnerability↗2020-07-15

▶