CVE-2020-3246

Name of the Vulnerable Software and Affected Versions Cisco Umbrella (affected versions not specified)

Description The issue is related to insufficient validation of user input in the web server of Cisco Umbrella, which could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. An attacker could exploit this by persuading a user to access a crafted URL, potentially allowing the injection of arbitrary HTTP headers into valid HTTP responses sent to the user's browser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.