Vulnerabilities > CVE-2020-3117 - Unspecified vulnerability in Cisco products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL and receive a malicious HTTP response. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to a user's browser.
Vulnerable Configurations
Nessus
NASL family CISCO NASL id CISCO-SA-20200122-SMA-HEADER-INJECT.NASL description According to its self-reported version, the Cisco Content Security Management Appliance (SMA) is affected by a HTTP Header Injection vulnerability. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. last seen 2020-06-01 modified 2020-06-02 plugin id 133405 published 2020-01-31 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133405 title Cisco Content Security Management Appliance HTTP Header Injection Vulnerability NASL family CISCO NASL id CISCO-SA-20200122-WSA-SMA-HEADER-INJECT.NASL description According to its self-reported version, Cisco Web Security Appliance (WSA) is affected by a HTTP Header Injection vulnerability. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. last seen 2020-06-01 modified 2020-06-02 plugin id 133406 published 2020-01-31 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133406 title Cisco Web Security Appliance HTTP Header Injection Vulnerability