Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2020-3265

Published: 19/03/2020 Updated: 23/05/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Sd-wan Firmware

Vulnerability Summary

A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local malicious user to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the malicious user to gain root-level privileges.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco sd-wan_firmware

cisco sd-wan_firmware 20.1.0

Vendor Advisories

Cisco: Cisco SD-WAN Solution Privilege Escalation Vulnerability
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system The vulnerability is due to insufficient input validation An attacker could exploit this vulnerability by sending a crafted request to an affected system A successful exploit could allow ...

Recent Articles

What do you not want right now? A bunch of Cisco SD-WAN, Webex vulnerabilities? Here are a bunch of them
The Register • Shaun Nichols in San Francisco • 19 Mar 2020

Switchzilla says remote networking gear has a grab-bag of holes Thought you were done after Tuesday's 115-fix day? Not yet: Microsoft emits SMBv3 worm-cure crisis patch

Cisco has issued a series of security updates for its SD-WAN and Webex software, just when they're most needed. Switchzilla says the SD-WAN code is host to five vulnerabilities ranging from privilege escalation to remote code injection. The five CVE-listed bugs (CVE-2020-3264, CVE-2020-3265, CVE-2020-3266, CVE-2019-16010, CVE-2019-16012) are down to what Cisco calls "insufficient input validation," and the avenues to exploit it range from SQL to HTTP requests. "An attacker could exploit this vul...

Read more...

References

CWE-269https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwpresc-ySJGvE9https://nvd.nist.govhttps://www.theregister.co.uk/2020/03/19/cisco_sdwan_bugs/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwpresc-ySJGvE9
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946CVE-2024-30309CVE-2024-4761CVE-2024-30051type confusionmemory leakCVE-2024-30293reflected XSSCVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook