What is CVE-2020-3264?

CVE-2020-3264 is a high-severity vulnerability in Cisco 1100-4g_integrated_services_router, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.1/10. Published 2020-03-19.

How severe is CVE-2020-3264?

High severity. CVSS v3 base score is 7.1 out of 10.

Buffer overflow in Cisco 1100-4g_integrated_services_router

CVE-2020-3264

A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vuln…

Vulnerability class: Buffer Overflow

EPSS: 0.007 (49.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Cisco 1100-4g_integrated_services_router
Cisco 1100-4gltegb_integrated_services_router
Cisco 1100-4gltena_integrated_services_router
Cisco 1100-6g_integrated_services_router
Cisco Sd-wan Solution — versions n/a
Cisco Sd-wan_firmware — versions 20.1.0, 20.3.0
Cisco Vedge_100
Cisco Vedge_1000
Cisco Vedge_100b
Cisco Vedge_100m

Weakness classification (CWE)

References

psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
psirt@cisco.com (Exploit, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2020-3264?: CVE-2020-3264 is a high-severity vulnerability in Cisco 1100-4g_integrated_services_router, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.1/10. Published 2020-03-19.
How severe is CVE-2020-3264?: High severity. CVSS v3 base score is 7.1 out of 10.