CVE-2020-3444Improper Input Validation in Cisco IOS XE

CWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.8%
top 26.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XECisco Sd-wan Solution
Timeline
PublishedNov 6
Latest updateMay 24

Description

A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a targeted device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbit

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDcisco/ios_xe17.217.2.1+1

🔴Vulnerability Details

2
GHSA
GHSA-p5g6-5mhj-fpg5: A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic2022-05-24
CVEList
Cisco SD-WAN Software Packet Filtering Bypass Vulnerability2020-11-06

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Software Packet Filtering Bypass Vulnerability2020-11-04
CVE-2020-3444 — Improper Input Validation in Cisco | cvebase