How severe is CVE-2020-3561?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2020-3561?

This is classified as CWE-93, which is a common weakness in software security.

CVE-2020-3561 - MEDIUM Severity | CVSS 4.7

Vulnerability Description

A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to conduct a CRLF injection attack, adding arbitrary HTTP headers in the responses of the system and redirecting the user to arbitrary websites.

Related Vulnerabilities

CVE-2020-3246

MEDIUM

CVSS:4.7(Medium)

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user of an affected service...

CWE-932020

CVE-2014-9563

MEDIUM

CVSS:4.9(Medium)

CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated users...

CWE-932014

CVE-2019-15616

MEDIUM

CVSS:4.3(Medium)

Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long.

CWE-932019

CVE-2023-26138

MEDIUM

CVSS:4.3(Medium)

All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n (ca...

CWE-932023

CVE-2017-18587

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.

CWE-932017

CVE-2018-12537

MEDIUM

CVSS:5.3(Medium)

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfilter...

CWE-932018