cnvd - cnvd-2020-61019

cnvd-2020-61019

Vulnerability from cnvd

Title: Cisco SD-WAN vEdge输入验证错误漏洞

Description:

Cisco SD-WAN vEdge是美国思科（Cisco）公司的是一款路由器。该设备可为思科SD-WAN解决方案提供基本WAN，安全性和多云功能。

Cisco SD-WAN vEdge 存在输入验证错误漏洞，该漏洞源于网络系统或产品未对输入的数据进行正确的验证。攻击者可以通过制作具有特定特征的恶意TCP数据包并将其发送到目标设备来利用此漏洞绕过L3和L4流量过滤器，并将任意数据包注入网络。

Severity: 中

Patch Name: Cisco SD-WAN vEdge输入验证错误漏洞的补丁

Patch Description:

Cisco SD-WAN vEdge是美国思科（Cisco）公司的是一款路由器。该设备可为思科SD-WAN解决方案提供基本WAN，安全性和多云功能。

Cisco SD-WAN vEdge 存在输入验证错误漏洞，该漏洞源于网络系统或产品未对输入的数据进行正确的验证。攻击者可以通过制作具有特定特征的恶意TCP数据包并将其发送到目标设备来利用此漏洞绕过L3和L4流量过滤器，并将任意数据包注入网络。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cedge-filt-bypass-Y6wZMqm4

Reference: https://www.auscert.org.au/bulletins/ESB-2020.3813/

Impacted products

Name
Cisco Cisco SD-WAN vEdge

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-3444",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-3444"
    }
  },
  "description": "Cisco SD-WAN vEdge\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u662f\u4e00\u6b3e\u8def\u7531\u5668\u3002\u8be5\u8bbe\u5907\u53ef\u4e3a\u601d\u79d1SD-WAN\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\u57fa\u672cWAN\uff0c\u5b89\u5168\u6027\u548c\u591a\u4e91\u529f\u80fd\u3002\n\nCisco SD-WAN vEdge \u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5236\u4f5c\u5177\u6709\u7279\u5b9a\u7279\u5f81\u7684\u6076\u610fTCP\u6570\u636e\u5305\u5e76\u5c06\u5176\u53d1\u9001\u5230\u76ee\u6807\u8bbe\u5907\u6765\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7L3\u548cL4\u6d41\u91cf\u8fc7\u6ee4\u5668\uff0c\u5e76\u5c06\u4efb\u610f\u6570\u636e\u5305\u6ce8\u5165\u7f51\u7edc\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cedge-filt-bypass-Y6wZMqm4",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-61019",
  "openTime": "2020-11-07",
  "patchDescription": "Cisco SD-WAN vEdge\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u662f\u4e00\u6b3e\u8def\u7531\u5668\u3002\u8be5\u8bbe\u5907\u53ef\u4e3a\u601d\u79d1SD-WAN\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\u57fa\u672cWAN\uff0c\u5b89\u5168\u6027\u548c\u591a\u4e91\u529f\u80fd\u3002\r\n\r\nCisco SD-WAN vEdge \u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5236\u4f5c\u5177\u6709\u7279\u5b9a\u7279\u5f81\u7684\u6076\u610fTCP\u6570\u636e\u5305\u5e76\u5c06\u5176\u53d1\u9001\u5230\u76ee\u6807\u8bbe\u5907\u6765\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7L3\u548cL4\u6d41\u91cf\u8fc7\u6ee4\u5668\uff0c\u5e76\u5c06\u4efb\u610f\u6570\u636e\u5305\u6ce8\u5165\u7f51\u7edc\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco SD-WAN vEdge\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Cisco SD-WAN vEdge"
  },
  "referenceLink": "https://www.auscert.org.au/bulletins/ESB-2020.3813/",
  "serverity": "\u4e2d",
  "submitTime": "2020-11-05",
  "title": "Cisco SD-WAN vEdge\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2020-3444 (GCVE-0-2020-3444)

Vulnerability from cvelistv5

Published

2020-11-06 18:16

Modified

2024-11-13 17:43

Severity ?

5.8 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE

CWE-20

Summary

A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a targeted device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet into the network.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cedge-filt-bypass-Y6wZMqm4	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco SD-WAN Solution	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:37:54.859Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20201104 Cisco SD-WAN Software Packet Filtering Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cedge-filt-bypass-Y6wZMqm4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3444",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T17:12:07.890869Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T17:43:41.253Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco SD-WAN Solution",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-11-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a targeted device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet into the network."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-06T18:16:12",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20201104 Cisco SD-WAN Software Packet Filtering Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cedge-filt-bypass-Y6wZMqm4"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cedge-filt-bypass-Y6wZMqm4",
        "defect": [
          [
            "CSCvw12895"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco SD-WAN Software Packet Filtering Bypass Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-11-04T16:00:00",
          "ID": "CVE-2020-3444",
          "STATE": "PUBLIC",
          "TITLE": "Cisco SD-WAN Software Packet Filtering Bypass Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco SD-WAN Solution",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a targeted device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet into the network."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20201104 Cisco SD-WAN Software Packet Filtering Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cedge-filt-bypass-Y6wZMqm4"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-cedge-filt-bypass-Y6wZMqm4",
          "defect": [
            [
              "CSCvw12895"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3444",
    "datePublished": "2020-11-06T18:16:13.016367Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-13T17:43:41.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted