fkie_nvd - fkie_cve-2020-3465

fkie_cve-2020-3465

Vulnerability from fkie_nvd

Published

2020-09-24 18:15

Modified

2024-11-21 05:31

Severity ?

7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames onto the Ethernet segment. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

References

	URL	Tags
	psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-le-drTOB625	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-le-drTOB625	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ios_xe	16.6.9
cisco	ios_xe	17.4.1
cisco	1100-4p	-
cisco	1100-8p	-
cisco	1100_terminal_services_gateways	-
cisco	1101-4p	-
cisco	1109-2p	-
cisco	1109-4p	-
cisco	1111x-8p	-
cisco	4221_integrated_services_router	-
cisco	4331_integrated_services_router	-
cisco	4431_integrated_services_router	-
cisco	4461_integrated_services_router	-
cisco	9800-cl	-
cisco	9800-l	-
cisco	csr_1000v	-
cisco	esr6300	-
cisco	ir_1101	-
cisco	isrv	-
cisco	vg400	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "01B53828-C520-4845-9C14-6C7D50EAA3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6B707B-4543-41F1-83DF-49A93BF56FB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:1100-4p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA8D5057-138A-42C4-BA35-8077A0A60068",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1100-8p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED555B12-41F4-4D62-B519-22601FB7AF8D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1100_terminal_services_gateways:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A4ED65-7DED-4EAD-BF37-FCA71E807CA1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1101-4p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21B10158-5235-483E-BACD-C407609EA6BE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1109-2p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8964F9BA-6E6C-44BF-9A8C-93D081B6678C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1109-4p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "51251FE1-67D2-4903-B7D3-E0C727B9A93C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1111x-8p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "784E4562-FE26-4049-9D23-4CA46432EE14",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C8AED7C-DDA3-4C29-BB95-6518C02C551A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5419CB9F-241F-4431-914F-2659BE27BEA5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5720462A-BE6B-4E84-A1A1-01E80BBA86AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B60888-6E2B-494E-AC65-83337661EE7D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:9800-cl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE2BC76E-A166-4E71-B058-F49FF84A9E19",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:9800-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "542244A0-300C-4630-812A-BF45F61E38DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:csr_1000v:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF8B0B49-2C99-410B-B011-5B821C5992FB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:esr6300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D19136-4ECB-437F-BA8A-E2FE35A39BF9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir_1101:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3B6E5F7-881A-4375-93D2-468A50C661E5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:isrv:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA48CFE9-2791-40D2-9F33-763C97F7D988",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:vg400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0B5617-2EF7-46C8-BBE6-FED211FC86E2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames onto the Ethernet segment. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Cisco IOS XE Software, podr\u00eda permitir a un atacante adyacente no autenticado causar la recarga de un dispositivo.\u0026#xa0;La vulnerabilidad es debido al manejo incorrecto de determinadas tramas Ethernet v\u00e1lidas, pero no t\u00edpicas.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de las tramas de Ethernet hacia el segmento Ethernet.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar que el dispositivo se recargue, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."
    }
  ],
  "id": "CVE-2020-3465",
  "lastModified": "2024-11-21T05:31:07.557",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-24T18:15:19.557",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-le-drTOB625"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-le-drTOB625"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2020-3465 (GCVE-0-2020-3465)

Vulnerability from cvelistv5

Published

2020-09-24 17:53

Modified

2024-11-13 17:57

Severity ?

7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-20

Summary

References

URL

Tags

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-le-drTOB625

vendor-advisory, x_refsource_CISCO