cnvd - cnvd-2020-31825

cnvd-2020-31825

Vulnerability from cnvd

Title: Cisco 809、829 Industrial Integrated Services Routers和Cisco 1000 Series Connected Grid Routers IOS Software缓冲区溢出漏洞

Description:

Cisco 809 Industrial Integrated Services Routers等都是美国思科（Cisco）公司的产品。Cisco 809 Industrial Integrated Services Routers是一款工业集成多业务路由器。Cisco 829 Industrial Integrated Services Routers是一款工业集成多业务路由器。Cisco 1000 Series Connected Grid Routers是一款1000系列互联网格路由器。Cisco IOS Software是运行在其中的一套为其网络设备开发的软件。

Cisco 809 Industrial ISRs、829 Industrial ISRs和CGR1000中的IOS Software的代码区域（管理虚拟机之间的信令）存在缓冲区溢出漏洞，该漏洞源于错误的边界检查。远程攻击者可通过发送恶意的数据包利用该漏洞造成系统崩溃并重新加载。

Severity: 高

Patch Name: Cisco 809、829 Industrial Integrated Services Routers和Cisco 1000 Series Connected Grid Routers IOS Software缓冲区溢出漏洞的补丁

Patch Description:

Cisco 809 Industrial ISRs、829 Industrial ISRs和CGR1000中的IOS Software的代码区域（管理虚拟机之间的信令）存在缓冲区溢出漏洞，该漏洞源于错误的边界检查。远程攻击者可通过发送恶意的数据包利用该漏洞造成系统崩溃并重新加载。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH

Impacted products

Name
['Cisco 809 Industrial Integrated Services Routers', 'Cisco 829 Industrial Integrated Services Routers', 'Cisco 1000 Series Connected Grid Routers']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-3198"
    }
  },
  "description": "Cisco 809 Industrial Integrated Services Routers\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco 809 Industrial Integrated Services Routers\u662f\u4e00\u6b3e\u5de5\u4e1a\u96c6\u6210\u591a\u4e1a\u52a1\u8def\u7531\u5668\u3002Cisco 829 Industrial Integrated Services Routers\u662f\u4e00\u6b3e\u5de5\u4e1a\u96c6\u6210\u591a\u4e1a\u52a1\u8def\u7531\u5668\u3002Cisco 1000 Series Connected Grid Routers\u662f\u4e00\u6b3e1000\u7cfb\u5217\u4e92\u8054\u7f51\u683c\u8def\u7531\u5668\u3002Cisco IOS Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u8f6f\u4ef6\u3002\n\nCisco 809 Industrial ISRs\u3001829 Industrial ISRs\u548cCGR1000\u4e2d\u7684IOS Software\u7684\u4ee3\u7801\u533a\u57df\uff08\u7ba1\u7406\u865a\u62df\u673a\u4e4b\u95f4\u7684\u4fe1\u4ee4\uff09\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u8fb9\u754c\u68c0\u67e5\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u6076\u610f\u7684\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u7cfb\u7edf\u5d29\u6e83\u5e76\u91cd\u65b0\u52a0\u8f7d\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\n\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-31825",
  "openTime": "2020-06-08",
  "patchDescription": "Cisco 809 Industrial Integrated Services Routers\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco 809 Industrial Integrated Services Routers\u662f\u4e00\u6b3e\u5de5\u4e1a\u96c6\u6210\u591a\u4e1a\u52a1\u8def\u7531\u5668\u3002Cisco 829 Industrial Integrated Services Routers\u662f\u4e00\u6b3e\u5de5\u4e1a\u96c6\u6210\u591a\u4e1a\u52a1\u8def\u7531\u5668\u3002Cisco 1000 Series Connected Grid Routers\u662f\u4e00\u6b3e1000\u7cfb\u5217\u4e92\u8054\u7f51\u683c\u8def\u7531\u5668\u3002Cisco IOS Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u8f6f\u4ef6\u3002\r\n\r\nCisco 809 Industrial ISRs\u3001829 Industrial ISRs\u548cCGR1000\u4e2d\u7684IOS Software\u7684\u4ee3\u7801\u533a\u57df\uff08\u7ba1\u7406\u865a\u62df\u673a\u4e4b\u95f4\u7684\u4fe1\u4ee4\uff09\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u8fb9\u754c\u68c0\u67e5\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u6076\u610f\u7684\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u7cfb\u7edf\u5d29\u6e83\u5e76\u91cd\u65b0\u52a0\u8f7d\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco 809\u3001829 Industrial Integrated Services Routers\u548cCisco 1000 Series Connected Grid Routers IOS Software\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco 809 Industrial Integrated Services Routers",
      "Cisco 829 Industrial Integrated Services Routers",
      "Cisco 1000 Series Connected Grid Routers"
    ]
  },
  "serverity": "\u9ad8",
  "submitTime": "2020-06-04",
  "title": "Cisco 809\u3001829 Industrial Integrated Services Routers\u548cCisco 1000 Series Connected Grid Routers IOS Software\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2020-3198 (GCVE-0-2020-3198)

Vulnerability from cvelistv5

Published

2020-06-03 17:45

Modified

2024-11-15 17:13

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-119

Summary

Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco IOS 12.2(60)EZ16	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:24:00.909Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3198",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:19:40.567795Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:13:29.986Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS 12.2(60)EZ16",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-03T17:45:13",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ios-iot-rce-xYRSeMNH",
        "defect": [
          [
            "CSCvr12083",
            "CSCvr46885"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-03T16:00:00",
          "ID": "CVE-2020-3198",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS 12.2(60)EZ16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "9.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ios-iot-rce-xYRSeMNH",
          "defect": [
            [
              "CSCvr12083",
              "CSCvr46885"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3198",
    "datePublished": "2020-06-03T17:45:13.516630Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:13:29.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted