cnvd - cnvd-2020-31825

cnvd-2020-31825

Vulnerability from cnvd

Title

Cisco 809、829 Industrial Integrated Services Routers和Cisco 1000 Series Connected Grid Routers IOS Software缓冲区溢出漏洞

Description

Cisco 809 Industrial Integrated Services Routers等都是美国思科（Cisco）公司的产品。Cisco 809 Industrial Integrated Services Routers是一款工业集成多业务路由器。Cisco 829 Industrial Integrated Services Routers是一款工业集成多业务路由器。Cisco 1000 Series Connected Grid Routers是一款1000系列互联网格路由器。Cisco IOS Software是运行在其中的一套为其网络设备开发的软件。 Cisco 809 Industrial ISRs、829 Industrial ISRs和CGR1000中的IOS Software的代码区域（管理虚拟机之间的信令）存在缓冲区溢出漏洞，该漏洞源于错误的边界检查。远程攻击者可通过发送恶意的数据包利用该漏洞造成系统崩溃并重新加载。

Severity

高

Patch Name

Cisco 809、829 Industrial Integrated Services Routers和Cisco 1000 Series Connected Grid Routers IOS Software缓冲区溢出漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH

Impacted products

Name
['Cisco 809 Industrial Integrated Services Routers', 'Cisco 829 Industrial Integrated Services Routers', 'Cisco 1000 Series Connected Grid Routers']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-3198"
    }
  },
  "description": "Cisco 809 Industrial Integrated Services Routers\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco 809 Industrial Integrated Services Routers\u662f\u4e00\u6b3e\u5de5\u4e1a\u96c6\u6210\u591a\u4e1a\u52a1\u8def\u7531\u5668\u3002Cisco 829 Industrial Integrated Services Routers\u662f\u4e00\u6b3e\u5de5\u4e1a\u96c6\u6210\u591a\u4e1a\u52a1\u8def\u7531\u5668\u3002Cisco 1000 Series Connected Grid Routers\u662f\u4e00\u6b3e1000\u7cfb\u5217\u4e92\u8054\u7f51\u683c\u8def\u7531\u5668\u3002Cisco IOS Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u8f6f\u4ef6\u3002\n\nCisco 809 Industrial ISRs\u3001829 Industrial ISRs\u548cCGR1000\u4e2d\u7684IOS Software\u7684\u4ee3\u7801\u533a\u57df\uff08\u7ba1\u7406\u865a\u62df\u673a\u4e4b\u95f4\u7684\u4fe1\u4ee4\uff09\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u8fb9\u754c\u68c0\u67e5\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u6076\u610f\u7684\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u7cfb\u7edf\u5d29\u6e83\u5e76\u91cd\u65b0\u52a0\u8f7d\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\n\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-31825",
  "openTime": "2020-06-08",
  "patchDescription": "Cisco 809 Industrial Integrated Services Routers\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco 809 Industrial Integrated Services Routers\u662f\u4e00\u6b3e\u5de5\u4e1a\u96c6\u6210\u591a\u4e1a\u52a1\u8def\u7531\u5668\u3002Cisco 829 Industrial Integrated Services Routers\u662f\u4e00\u6b3e\u5de5\u4e1a\u96c6\u6210\u591a\u4e1a\u52a1\u8def\u7531\u5668\u3002Cisco 1000 Series Connected Grid Routers\u662f\u4e00\u6b3e1000\u7cfb\u5217\u4e92\u8054\u7f51\u683c\u8def\u7531\u5668\u3002Cisco IOS Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u8f6f\u4ef6\u3002\r\n\r\nCisco 809 Industrial ISRs\u3001829 Industrial ISRs\u548cCGR1000\u4e2d\u7684IOS Software\u7684\u4ee3\u7801\u533a\u57df\uff08\u7ba1\u7406\u865a\u62df\u673a\u4e4b\u95f4\u7684\u4fe1\u4ee4\uff09\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u8fb9\u754c\u68c0\u67e5\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u6076\u610f\u7684\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u7cfb\u7edf\u5d29\u6e83\u5e76\u91cd\u65b0\u52a0\u8f7d\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco 809\u3001829 Industrial Integrated Services Routers\u548cCisco 1000 Series Connected Grid Routers IOS Software\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco 809 Industrial Integrated Services Routers",
      "Cisco 829 Industrial Integrated Services Routers",
      "Cisco 1000 Series Connected Grid Routers"
    ]
  },
  "serverity": "\u9ad8",
  "submitTime": "2020-06-04",
  "title": "Cisco 809\u3001829 Industrial Integrated Services Routers\u548cCisco 1000 Series Connected Grid Routers IOS Software\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2020-3198 (GCVE-0-2020-3198)

Vulnerability from cvelistv5

Published

2020-06-03 17:45

Modified

2024-11-15 17:13

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-119

Summary

Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.

References

URL

Tags

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH

vendor-advisory, x_refsource_CISCO