Vulnerability Description
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Sd-Wan Firmware | < 18.4.5 |
| Cisco | Vedge Cloud Router | - |
| Cisco | Vmanage Network Management System | - |
| Cisco | Vsmart Controller | - |
| Cisco | 1100-4G Integrated Services Router | - |
| Cisco | 1100-4Gltegb Integrated Services Router | - |
| Cisco | 1100-4Gltena Integrated Services Router | - |
| Cisco | 1100-6G Integrated Services Router | - |
| Cisco | Vedge 100 | - |
| Cisco | Vedge 1000 | - |
| Cisco | Vedge 100B | - |
| Cisco | Vedge 100M | - |
| Cisco | Vedge 100Wm | - |
| Cisco | Vedge 2000 | - |
| Cisco | Vedge 5000 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
FAQ
What is CVE-2020-3265?
CVE-2020-3265 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficien...
How severe is CVE-2020-3265?
CVE-2020-3265 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-3265?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Sd-Wan Firmware, Cisco Vedge Cloud Router, Cisco Vmanage Network Management System, Cisco Vsmart Controller, Cisco 1100-4G Integrated Services Router.