VDB
CVE-2020-3264
CVE-2020-3264
PUBLISHED
CVSS 7.099999904632568 HIGH
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make.
EPSS 0.14% · 34.5th percentile
Risk Scores
CVSS 3.0
7.099999904632568
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.14%
34.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | sd-wan_firmware | 0, 19.2.0, 20.1.0 |
| Cisco | Cisco SD-WAN Solution | n/a |
Exploit Intelligence
Timeline
- Mar 19, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwpresc-ySJGvE9 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwclici-cvrQpH9v advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanbo-QKcABnS2 advisory
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-wwq2-pxrj-v62r url
- https://nvd.nist.gov/vuln/detail/CVE-2020-3264 advisory