Main Vulnerability Database Vulnerabilities #VU26219

#VU26219 Buffer overflow in Cisco SD-WAN - CVE-2020-3264

Published: March 19, 2020

Vulnerability identifier: #VU26219

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-3264

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Cisco SD-WAN

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local user to escalate privileges on the target system.

The vulnerability exists due to a boundary error. A local user can send a specially crafted traffic, trigger memory corruption and gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make.

This vulnerability affects the following Cisco products if they are running a vulnerable versions of Cisco SD-WAN Solution software.

vBond Orchestrator Software
vEdge 100 Series Routers
vEdge 1000 Series Routers
vEdge 2000 Series Routers
vEdge 5000 Series Routers
vEdge Cloud Router Platform
vManage Network Management System
vSmart Controller Software

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanbo-QKcABnS2

#VU26219 Buffer overflow in Cisco SD-WAN - CVE-2020-3264

Description

Remediation

External links

Please verify you're human