Vulnerabilities > CVE-2020-3117 - Unspecified vulnerability in Cisco products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
cisco
nessus

Summary

A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL and receive a malicious HTTP response. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to a user's browser.

Nessus

  • NASL familyCISCO
    NASL idCISCO-SA-20200122-SMA-HEADER-INJECT.NASL
    descriptionAccording to its self-reported version, the Cisco Content Security Management Appliance (SMA) is affected by a HTTP Header Injection vulnerability. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.
    last seen2020-06-01
    modified2020-06-02
    plugin id133405
    published2020-01-31
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133405
    titleCisco Content Security Management Appliance HTTP Header Injection Vulnerability
  • NASL familyCISCO
    NASL idCISCO-SA-20200122-WSA-SMA-HEADER-INJECT.NASL
    descriptionAccording to its self-reported version, Cisco Web Security Appliance (WSA) is affected by a HTTP Header Injection vulnerability. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.
    last seen2020-06-01
    modified2020-06-02
    plugin id133406
    published2020-01-31
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133406
    titleCisco Web Security Appliance HTTP Header Injection Vulnerability