PT-2020-4666 · Cisco · Cisco IOS XE +1

Published: 2020-11-04 · Updated: 2021-08-06 · CVE-2020-3444

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Cisco SD-WAN Software (affected versions not specified)
Cisco IOS XE (affected versions not specified)

Description

A vulnerability exists in the packet filtering features of the software due to improper traffic filtering conditions on an affected device. This could allow an unauthenticated, remote attacker to bypass L2, L3, and L4 traffic filters by crafting a malicious TCP packet with specific characteristics and sending it to a targeted device. A successful exploit could allow the attacker to bypass the traffic filters and inject an arbitrary packet into the network.

Recommendations

For Cisco SD-WAN Software, consider disabling the vulnerable packet filtering features until a patch is available. For Cisco IOS XE, restrict access to the vulnerable filtering module to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable packet filtering features in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-05218
CVE-2020-3444

Affected Products

Cisco IOS XE
Cisco SD-WAN