#VU48163 Input validation error in Cisco IOS XE and Cisco IOS XE SD-WAN - CVE-2020-3444
Published: November 5, 2020
Vulnerability identifier: #VU48163
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-3444
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XE
Cisco IOS XE SD-WAN
Cisco IOS XE
Cisco IOS XE SD-WAN
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to bypass L3 and L4 traffic filters.
The vulnerability exists due to improper traffic filtering conditions on an affected device. A remote attacker can send a specially crafted TCP packet, bypass the L3 and L4 traffic filters and inject an arbitrary packet into the network.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.