CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-3117

A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL and receive a malicious HTTP response. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to a user's browser.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.8%

CVSS Severity

CVSS v3 Score 4.7

CVSS v2 Score 4.3

References

Products affected by CVE-2020-3117

Cisco » Content Security Management Appliance » Version: N/A

cpe:2.3:a:cisco:content_security_management_appliance:-
Cisco » Content Security Management Appliance » Version: 10.0.0-203

cpe:2.3:a:cisco:content_security_management_appliance:10.0.0-203
Cisco » Content Security Management Appliance » Version: 10.1.0-037

cpe:2.3:a:cisco:content_security_management_appliance:10.1.0-037
Cisco » Content Security Management Appliance » Version: 10.1.0-049

cpe:2.3:a:cisco:content_security_management_appliance:10.1.0-049
Cisco » Content Security Management Appliance » Version: 11.4.0-812

cpe:2.3:a:cisco:content_security_management_appliance:11.4.0-812
Cisco » Content Security Management Appliance » Version: 12.0

cpe:2.3:a:cisco:content_security_management_appliance:12.0
Cisco » Content Security Management Appliance » Version: 12.0.1

cpe:2.3:a:cisco:content_security_management_appliance:12.0.1
Cisco » Content Security Management Appliance » Version: 12.5.0

cpe:2.3:a:cisco:content_security_management_appliance:12.5.0
Cisco » Content Security Management Appliance » Version: 12.5.0-436

cpe:2.3:a:cisco:content_security_management_appliance:12.5.0-436
Cisco » Content Security Management Appliance » Version: 12.8.1-002

cpe:2.3:a:cisco:content_security_management_appliance:12.8.1-002
Cisco » Content Security Management Appliance » Version: 8.3.6-039

cpe:2.3:a:cisco:content_security_management_appliance:8.3.6-039
Cisco » Content Security Management Appliance » Version: 9.1.0

cpe:2.3:a:cisco:content_security_management_appliance:9.1.0
Cisco » Content Security Management Appliance » Version: 9.1.0-031

cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-031
Cisco » Content Security Management Appliance » Version: 9.1.0-033

cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-033
Cisco » Content Security Management Appliance » Version: 9.1.0-103

cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-103
Cisco » Content Security Management Appliance » Version: 9.1.0-31

cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-31
Cisco » Content Security Management Appliance » Version: 9.5.0

cpe:2.3:a:cisco:content_security_management_appliance:9.5.0
Cisco » Content Security Management Appliance » Version: 9.6.0

cpe:2.3:a:cisco:content_security_management_appliance:9.6.0
Cisco » Content Security Management Appliance » Version: 9.6.6-068

cpe:2.3:a:cisco:content_security_management_appliance:9.6.6-068
Cisco » Content Security Management Appliance » Version: 9.7.0-006

cpe:2.3:a:cisco:content_security_management_appliance:9.7.0-006
Cisco » Web Security Appliance » Version: 11.8.0-382

cpe:2.3:a:cisco:web_security_appliance:11.8.0-382
Cisco » Web Security Appliance » Version: 12.0.1-268

cpe:2.3:a:cisco:web_security_appliance:12.0.1-268

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-3117

Products

Pricing

Contact Us