cnvd-2020-32906
Vulnerability from cnvd
Title
多款Cisco产品缓冲区溢出漏洞
Description
Cisco 809 Industrial Integrated Services Routers等都是美国思科(Cisco)公司的产品。Cisco 809 Industrial Integrated Services Routers是一款工业集成多业务路由器。Cisco 829 Industrial Integrated Services Routers是一款工业集成多业务路由器。Cisco 1000 Series Connected Grid Routers是一款1000系列互联网格路由器。Cisco IOS Software是运行在其中的一套为其网络设备开发的软件。 Cisco 809 Industrial ISRs、829 Industrial ISRs和CGR1000中的IOS Software的诊断检查CLI命令存在缓冲区溢出漏洞。攻击者可通过进行身份验证并发送诊断检测命令利用该漏洞执行任意代码。
Severity
Patch Name
多款Cisco产品缓冲区溢出漏洞的补丁
Patch Description
Cisco 809 Industrial Integrated Services Routers等都是美国思科(Cisco)公司的产品。Cisco 809 Industrial Integrated Services Routers是一款工业集成多业务路由器。Cisco 829 Industrial Integrated Services Routers是一款工业集成多业务路由器。Cisco 1000 Series Connected Grid Routers是一款1000系列互联网格路由器。Cisco IOS Software是运行在其中的一套为其网络设备开发的软件。 Cisco 809 Industrial ISRs、829 Industrial ISRs和CGR1000中的IOS Software的诊断检查CLI命令存在缓冲区溢出漏洞。攻击者可通过进行身份验证并发送诊断检测命令利用该漏洞执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH

Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-3258
Impacted products
Name
['Cisco 809 Industrial Integrated Services Routers', 'Cisco 829 Industrial Integrated Services Routers', 'Cisco 1000 Series Connected Grid Routers']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-3258"
    }
  },
  "description": "Cisco 809 Industrial Integrated Services Routers\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco 809 Industrial Integrated Services Routers\u662f\u4e00\u6b3e\u5de5\u4e1a\u96c6\u6210\u591a\u4e1a\u52a1\u8def\u7531\u5668\u3002Cisco 829 Industrial Integrated Services Routers\u662f\u4e00\u6b3e\u5de5\u4e1a\u96c6\u6210\u591a\u4e1a\u52a1\u8def\u7531\u5668\u3002Cisco 1000 Series Connected Grid Routers\u662f\u4e00\u6b3e1000\u7cfb\u5217\u4e92\u8054\u7f51\u683c\u8def\u7531\u5668\u3002Cisco IOS Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u8f6f\u4ef6\u3002\n\nCisco 809 Industrial ISRs\u3001829 Industrial ISRs\u548cCGR1000\u4e2d\u7684IOS Software\u7684\u8bca\u65ad\u68c0\u67e5CLI\u547d\u4ee4\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u5e76\u53d1\u9001\u8bca\u65ad\u68c0\u6d4b\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-32906",
  "openTime": "2020-06-15",
  "patchDescription": "Cisco 809 Industrial Integrated Services Routers\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco 809 Industrial Integrated Services Routers\u662f\u4e00\u6b3e\u5de5\u4e1a\u96c6\u6210\u591a\u4e1a\u52a1\u8def\u7531\u5668\u3002Cisco 829 Industrial Integrated Services Routers\u662f\u4e00\u6b3e\u5de5\u4e1a\u96c6\u6210\u591a\u4e1a\u52a1\u8def\u7531\u5668\u3002Cisco 1000 Series Connected Grid Routers\u662f\u4e00\u6b3e1000\u7cfb\u5217\u4e92\u8054\u7f51\u683c\u8def\u7531\u5668\u3002Cisco IOS Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u8f6f\u4ef6\u3002\r\n\r\nCisco 809 Industrial ISRs\u3001829 Industrial ISRs\u548cCGR1000\u4e2d\u7684IOS Software\u7684\u8bca\u65ad\u68c0\u67e5CLI\u547d\u4ee4\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u5e76\u53d1\u9001\u8bca\u65ad\u68c0\u6d4b\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eCisco\u4ea7\u54c1\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco 809 Industrial Integrated Services Routers",
      "Cisco 829 Industrial Integrated Services Routers",
      "Cisco 1000 Series Connected Grid Routers"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-3258",
  "serverity": "\u9ad8",
  "submitTime": "2020-06-04",
  "title": "\u591a\u6b3eCisco\u4ea7\u54c1\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.