Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-3372

Опубликовано: 16 июл. 2020
Источник: nvd
CVSS3: 6.5
CVSS2: 4
EPSS Низкий

Описание

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to the affected web-based management interface. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and could result in a DoS condition.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:*
Версия до 19.2.3 (исключая)
cpe:2.3:o:cisco:sd-wan_firmware:*:*:*:*:*:*:*:*
Версия от 20.1.0 (включая) до 20.1.12 (исключая)

Одно из

cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*

EPSS

Процентиль: 38%
0.00169
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-400
CWE-400

Связанные уязвимости

github логотип

GHSA-795h-g7ph-22h5

CVSS3: 6.5
github
больше 3 лет назад

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to the affected web-based management interface. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and could result in a DoS condition.

fstec логотип

BDU:2020-03425

CVSS3: 6.5
fstec
больше 5 лет назад

Уязвимость веб-интерфейса управления vManage программно-определяемой сети Cisco SD-WAN, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 38%
0.00169
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-400
CWE-400