CVE-2020-3117
Description
A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web servers response. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL and receive a malicious HTTP response. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to a users browser.
Risk Information
Base Score
4.7
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.069
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Web Security Appliance and Cisco Content Security Management Appliance HTTP Header Injection Vulnerability For Cisco IronPort Security Management Appliance Software | NCM |
| Cisco Web Security Appliance and Cisco Content Security Management Appliance HTTP Header Injection Vulnerability For Cisco IronPort Web Security Appliance Software | NCM |
| CVE-2020-3117 | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706033 | Security Update for Cisco IronPort Security Management Appliance Software 11.0.1-152 |
| PATCH-1706023 | Security Update for Cisco IronPort Web Security Appliance Software 9.1.2-010 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234