FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2020-3246

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

Published: May 6, 2020 / Updated: 55mo ago

010
CVSS 4.3EPSS 0.12%Medium
CVE info copied to clipboard

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to the browser of the user.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2020-3246. See article

May 6, 2020 at 4:09 PM / tools.cisco.com
EPSS

EPSS Score was set to: 0.12% (Percentile: 46.1%)

Oct 3, 2023 at 9:44 PM
Static CVE Timeline Graph

Affected Systems

Cisco/umbrella
+null more

Patches

tools.cisco.com
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:Required
Scope:Unchanged
Confidentiality:None
Integrity:Low
Availability Impact:None

Categories

CVSS 4.3(21798)CWE-74(1406)CWE-93(62)Cisco(6126)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial