Vulnerability Details : CVE-2020-7459
In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to mulitple USB network drivers allows a malicious USB device to write beyond the end of an allocated network packet buffer.
Vulnerability category: Input validation
Products affected by CVE-2020-7459
- cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11.3:p4:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11.3:p5:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:12.1:p1:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:12.1:p2:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11.3:p6:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11.3:p7:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:12.1:p3:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11.3:p8:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:12.1:p4:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11.4:p1:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11.3:p10:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11.3:p11:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:11.3:p9:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:12.1:p6:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:12.1:p7:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-7459
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 32 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-7459
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
6.8
|
MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
0.9
|
5.9
|
NIST |
CWE ids for CVE-2020-7459
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-7459
-
https://security.netapp.com/advisory/ntap-20200821-0005/
August 2020 FreeBSD Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:21.usb_net.asc
Vendor Advisory
Jump to