{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(60\\)ez16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2950C7F-EEB9-4956-937D-CD978AAC2E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.0\\(2\\)sg11a:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAAC6B58-6FC4-459B-9663-4FDC6A6F8DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(4\\)jaz1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4358B9-F3DB-46AC-A3A8-114E25F676DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jaa1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAE1AD0D-C3E9-488C-89CB-F2342CF6D5A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jpi:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E0326F-98A1-48B4-945D-D8603D5A8609",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jpj:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F69B4F2-4A03-4383-8958-11EE154A7350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)cg:*:*:*:*:*:*:*",
              "matchCriteriaId": "D962FBA3-CE59-401B-9451-45001775BA66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)cg:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA8E0069-21AB-497F-9F4C-6F7C041BA0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C85BAAF-819B-40E7-9099-04AA8D9AB114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED684DB4-527A-4268-B197-4719B0178429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88F41406-0F55-4D74-A4F6-4ABD5A803907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7082C083-7517-4CD4-BF95-CC7AF08D4053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "370EF3DC-151F-4724-A026-3AD8ED6D801C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B8FB86F-2A89-413B-BED7-97E3D392804E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "005EAD76-34BE-4E3F-8840-23F613661FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "2595B3E3-7FD4-4EFF-98A2-89156A657A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB998A1F-BAEA-4B8F-BE49-1C282ED3952E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AABDAB3-6329-48CF-BB49-DA2046AB9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96E41FF-DD4B-4D55-8C96-248C9A15226B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m10:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F7ACB5-4FE5-4B07-8B4D-28DF8D655199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "59F21FEC-A536-45CB-9AE5-61CE45EAD1B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6994F100-864F-4512-9141-F7D1050F9DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0CC364-FF3A-4FB3-8004-6628400BC7DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t4:*:*:*:*:*:*:*",
              "matchCriteriaId": "67A1BC08-28AF-4583-BE21-0D85CA2D7B6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A4E00DF-60FD-48F2-A69A-D709A5657F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F5D3761-16C8-413A-89AD-C076B9B92FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F690BEC9-FAE9-4C02-9993-34BF14FA99EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BEA314F-8C89-4D6C-A6B6-3E9247A35B7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B8565B-3EE6-48DC-AE92-9F16AFFC509C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "716EC9AA-0569-4FA7-A244-1A14FA15C5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "39166A66-859D-43A7-9947-3F3C32FBFAAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "097D1950-6159-45A2-8653-D3F90044D0C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F421AC3C-B0BC-4177-ACDB-87792C1636EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA965B88-3464-4320-B9C4-594C49C9C0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CD336D-1110-4B0C-B8D4-7C96293CBADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C580D9-A2EC-4CBB-87F5-1F5CBA23F73F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C427BA8-3A8C-4934-997B-6DDF9CEB96AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7809674-4738-463E-B522-FC6C419E2A09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD51F00-C219-439F-918E-9AF20A6E053A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "57BCB671-7ED0-43D5-894F-8B3DBF44E68E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4802BC7-F326-4F6E-9C74-04032FF35FEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEDE3BCF-B518-47B0-BD3B-0B75515771E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A5C9BF5-0C29-4B50-9A86-29F0ECD44F1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1B0621A-D7A2-415B-91ED-674F2FB4227B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9D7FDD-8CE6-4E83-A186-734BC5546E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E25B3DC-B9A7-4DFC-8566-3F790F460DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "679DCA8C-F64B-4716-BCC9-9C461A89CB29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF662E36-0831-4892-850F-844B0E0B54DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E71F49D-E405-4AB4-9188-DA7B338DFD7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "204B0A52-F6AB-406B-B46D-E92F2D7D87F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "09578DDF-5D13-47C1-9BD1-A1A8B9B0C87D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBF8B70-DFBE-4F6E-83F0-171F03E97606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA55D660-66C6-4278-8C27-25DB2712CC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5609B342-D98E-4850-A0FE-810699A80A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "8320F23D-F6BE-405B-B645-1CEB984E8267",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE2670E-8C17-448D-A5BD-5A4FBCAEC35A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C5C705-6A8C-4834-9D24-CFE26A232C15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC270E40-CABA-44B4-B4DD-E9C47A97770B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC1DB8C1-7F7D-4562-A317-87E925CAD524",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB2645F-C3BF-458F-9D07-6D66E1953730",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B2303A3-CAF1-4DBA-BB6E-F205C23DCE6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "686FD45C-7722-4D98-A6D7-C36CAC56A4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "871E33AC-B469-47BA-9317-DC9E3E9BF5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4091CAC-BFAA-404C-A827-4DA9EADDF621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0DA9FCA-4166-4084-96AF-E82CC4A4DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6b:*:*:*:*:*:*:*",
              "matchCriteriaId": "369A99E0-3451-41D1-8C56-5352EA689950",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "33D4A7FA-E4E0-49C2-97FD-A547A1612F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0B918F-A28C-4B5A-A566-6E588B4F6696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m9:*:*:*:*:*:*:*",
              "matchCriteriaId": "436114F2-D906-4469-99C4-10B75253B3D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C8A00BF-4522-467B-A96E-5C33623DCA2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C106CF-CBD3-4630-8E77-EDB1643F97E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1DB7943-5CE1-44F6-B093-5EA65BF71A59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "64404B00-4956-47B8-ACDB-88E365E97212",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE6A696-5CBC-4552-A54E-55C21BC74D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "41237041-1D82-4C6C-BF48-ECEDF9DB08C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4b:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAB72CA3-088E-4EFE-BE1C-190C64101851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA584AC4-96AB-4026-84DF-F44F3B97F7E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "22EB41FD-4DE2-4753-A18C-C877B81B51D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "158EDE62-04C9-471B-B243-309D49583E67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A58C01B-459E-432F-A49F-68EC45EE6E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8DFE673-9A5E-4369-A7BB-3DE7F8E503C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56AD5BA0-4D08-4A92-88BE-60AF29BC35CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "198FF520-7631-49D9-B8A8-2E64F6237CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E067E8-552B-4691-9F6A-C5E8766287BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C4162EC-90DE-4194-8ABC-55CCB8C24FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "405CC56E-574F-4983-B492-C8811FAF06E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3b:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1829074-66F9-4B3B-A084-B88D838CFC44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6715A135-61A7-4E56-948D-8A8D5F7C98C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C836C26-DBC1-42CB-9B73-9F248D4F2B6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEFE8A85-7F63-4E4C-A3FE-7B7E27AD1DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "0807458A-2453-4575-AE19-0DE15E04B88C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:1120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D64BDE-0D00-4FBE-873B-F5D52AD0C5A2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0502FCFE-B123-422C-AC43-05260B4E952C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:809:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D5AB946-818F-44CF-864E-F24ACC999A2D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:829:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0606E8E-0E89-4DE9-8389-60D9DDAC30B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la implementaci\u00f3n del canal inter-VM de Cisco IOS Software para Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000) podr\u00eda permitir a un atacante adyacente no autenticado ejecutar comandos de shell arbitrarios en el Virtual Device Server (VDS) de un dispositivo afectado. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de los paquetes de se\u00f1alizaci\u00f3n destinados a VDS. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de paquetes maliciosos hacia un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar comandos arbitrarios en el contexto del shell de VDS de Linux con los privilegios del usuario root. Debido a que el dispositivo est\u00e1 dise\u00f1ado en una arquitectura  de hypervisor, la explotaci\u00f3n de una vulnerabilidad que afecta el canal inter-VM puede conllevar a un compromiso completo del sistema. Para mayor informaci\u00f3n sobre esta vulnerabilidad, ver la secci\u00f3n de Detalles de este aviso."
    }
  ],
  "id": "CVE-2020-3205",
  "lastModified": "2024-11-21T05:30:33.330",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-03T18:15:18.573",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(60\\)ez16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2950C7F-EEB9-4956-937D-CD978AAC2E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.0\\(2\\)sg11a:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAAC6B58-6FC4-459B-9663-4FDC6A6F8DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jaa1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAE1AD0D-C3E9-488C-89CB-F2342CF6D5A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jpj:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F69B4F2-4A03-4383-8958-11EE154A7350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "39166A66-859D-43A7-9947-3F3C32FBFAAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "097D1950-6159-45A2-8653-D3F90044D0C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F421AC3C-B0BC-4177-ACDB-87792C1636EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA965B88-3464-4320-B9C4-594C49C9C0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CD336D-1110-4B0C-B8D4-7C96293CBADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C580D9-A2EC-4CBB-87F5-1F5CBA23F73F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C427BA8-3A8C-4934-997B-6DDF9CEB96AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7809674-4738-463E-B522-FC6C419E2A09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD51F00-C219-439F-918E-9AF20A6E053A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "57BCB671-7ED0-43D5-894F-8B3DBF44E68E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4802BC7-F326-4F6E-9C74-04032FF35FEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEDE3BCF-B518-47B0-BD3B-0B75515771E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A5C9BF5-0C29-4B50-9A86-29F0ECD44F1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1B0621A-D7A2-415B-91ED-674F2FB4227B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9D7FDD-8CE6-4E83-A186-734BC5546E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E25B3DC-B9A7-4DFC-8566-3F790F460DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "679DCA8C-F64B-4716-BCC9-9C461A89CB29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF662E36-0831-4892-850F-844B0E0B54DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E71F49D-E405-4AB4-9188-DA7B338DFD7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "204B0A52-F6AB-406B-B46D-E92F2D7D87F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "8320F23D-F6BE-405B-B645-1CEB984E8267",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE2670E-8C17-448D-A5BD-5A4FBCAEC35A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C5C705-6A8C-4834-9D24-CFE26A232C15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC270E40-CABA-44B4-B4DD-E9C47A97770B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC1DB8C1-7F7D-4562-A317-87E925CAD524",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB2645F-C3BF-458F-9D07-6D66E1953730",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B2303A3-CAF1-4DBA-BB6E-F205C23DCE6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "686FD45C-7722-4D98-A6D7-C36CAC56A4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "871E33AC-B469-47BA-9317-DC9E3E9BF5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4091CAC-BFAA-404C-A827-4DA9EADDF621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0DA9FCA-4166-4084-96AF-E82CC4A4DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6b:*:*:*:*:*:*:*",
              "matchCriteriaId": "369A99E0-3451-41D1-8C56-5352EA689950",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "33D4A7FA-E4E0-49C2-97FD-A547A1612F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0B918F-A28C-4B5A-A566-6E588B4F6696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m9:*:*:*:*:*:*:*",
              "matchCriteriaId": "436114F2-D906-4469-99C4-10B75253B3D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C8A00BF-4522-467B-A96E-5C33623DCA2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C106CF-CBD3-4630-8E77-EDB1643F97E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1DB7943-5CE1-44F6-B093-5EA65BF71A59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "64404B00-4956-47B8-ACDB-88E365E97212",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE6A696-5CBC-4552-A54E-55C21BC74D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "41237041-1D82-4C6C-BF48-ECEDF9DB08C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4b:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAB72CA3-088E-4EFE-BE1C-190C64101851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA584AC4-96AB-4026-84DF-F44F3B97F7E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "22EB41FD-4DE2-4753-A18C-C877B81B51D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "158EDE62-04C9-471B-B243-309D49583E67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A58C01B-459E-432F-A49F-68EC45EE6E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8DFE673-9A5E-4369-A7BB-3DE7F8E503C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56AD5BA0-4D08-4A92-88BE-60AF29BC35CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "198FF520-7631-49D9-B8A8-2E64F6237CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E067E8-552B-4691-9F6A-C5E8766287BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C4162EC-90DE-4194-8ABC-55CCB8C24FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6715A135-61A7-4E56-948D-8A8D5F7C98C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C836C26-DBC1-42CB-9B73-9F248D4F2B6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:1120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D64BDE-0D00-4FBE-873B-F5D52AD0C5A2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1240:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB47690-B2F6-49A8-BA77-3474E31C8694",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:809:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB84AD16-CC85-4D9A-8FF3-77EA5B3898B7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:829:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AB3C4D5-3410-4D26-9F7E-CA30F108BAAF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient access restrictions on the area of code that manages the image verification feature. An attacker could exploit this vulnerability by first authenticating to the targeted device and then logging in to the Virtual Device Server (VDS) of an affected device. The attacker could then, from the VDS shell, disable Cisco IOS Software integrity (image) verification. A successful exploit could allow the attacker to boot a malicious Cisco IOS Software image on the targeted device. To exploit this vulnerability, the attacker must have valid user credentials at privilege level 15."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funcionalidad image verification de Cisco IOS Software para Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs), podr\u00eda permitir a un atacante local autenticado iniciar una imagen de software malicioso sobre un dispositivo afectado. La vulnerabilidad es debido a restricciones de acceso insuficientes en el \u00e1rea de c\u00f3digo que administra la funcionalidad image verification. Un atacante podr\u00eda explotar esta vulnerabilidad al autenticarse primero en el dispositivo objetivo y luego iniciar sesi\u00f3n en el  Virtual Device Server (VDS) de un dispositivo afectado. El atacante podr\u00eda, desde el shell de VDS, deshabilitar la verificaci\u00f3n de integridad (imagen) de Cisco IOS Software. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante iniciar una imagen maliciosa del Cisco IOS Software en el dispositivo objetivo. Para explotar esta vulnerabilidad, el atacante debe tener credenciales de usuario v\u00e1lidas en el nivel de privilegio 15."
    }
  ],
  "id": "CVE-2020-3208",
  "lastModified": "2024-11-21T05:30:33.767",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-03T18:15:18.870",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-ir800-img-verif-wHhLYHjK"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-ir800-img-verif-wHhLYHjK"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(60\\)ez16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2950C7F-EEB9-4956-937D-CD978AAC2E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.0\\(2\\)sg11a:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAAC6B58-6FC4-459B-9663-4FDC6A6F8DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jaa1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAE1AD0D-C3E9-488C-89CB-F2342CF6D5A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jpj:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F69B4F2-4A03-4383-8958-11EE154A7350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)cg:*:*:*:*:*:*:*",
              "matchCriteriaId": "D962FBA3-CE59-401B-9451-45001775BA66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)cg:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA8E0069-21AB-497F-9F4C-6F7C041BA0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C85BAAF-819B-40E7-9099-04AA8D9AB114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED684DB4-527A-4268-B197-4719B0178429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88F41406-0F55-4D74-A4F6-4ABD5A803907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7082C083-7517-4CD4-BF95-CC7AF08D4053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "370EF3DC-151F-4724-A026-3AD8ED6D801C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B8FB86F-2A89-413B-BED7-97E3D392804E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "005EAD76-34BE-4E3F-8840-23F613661FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "2595B3E3-7FD4-4EFF-98A2-89156A657A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB998A1F-BAEA-4B8F-BE49-1C282ED3952E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AABDAB3-6329-48CF-BB49-DA2046AB9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96E41FF-DD4B-4D55-8C96-248C9A15226B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m10:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F7ACB5-4FE5-4B07-8B4D-28DF8D655199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "59F21FEC-A536-45CB-9AE5-61CE45EAD1B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6994F100-864F-4512-9141-F7D1050F9DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0CC364-FF3A-4FB3-8004-6628400BC7DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t4:*:*:*:*:*:*:*",
              "matchCriteriaId": "67A1BC08-28AF-4583-BE21-0D85CA2D7B6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A4E00DF-60FD-48F2-A69A-D709A5657F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F5D3761-16C8-413A-89AD-C076B9B92FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F690BEC9-FAE9-4C02-9993-34BF14FA99EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BEA314F-8C89-4D6C-A6B6-3E9247A35B7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B8565B-3EE6-48DC-AE92-9F16AFFC509C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "716EC9AA-0569-4FA7-A244-1A14FA15C5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "39166A66-859D-43A7-9947-3F3C32FBFAAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "097D1950-6159-45A2-8653-D3F90044D0C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F421AC3C-B0BC-4177-ACDB-87792C1636EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA965B88-3464-4320-B9C4-594C49C9C0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CD336D-1110-4B0C-B8D4-7C96293CBADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C580D9-A2EC-4CBB-87F5-1F5CBA23F73F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C427BA8-3A8C-4934-997B-6DDF9CEB96AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7809674-4738-463E-B522-FC6C419E2A09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD51F00-C219-439F-918E-9AF20A6E053A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "57BCB671-7ED0-43D5-894F-8B3DBF44E68E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4802BC7-F326-4F6E-9C74-04032FF35FEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEDE3BCF-B518-47B0-BD3B-0B75515771E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A5C9BF5-0C29-4B50-9A86-29F0ECD44F1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1B0621A-D7A2-415B-91ED-674F2FB4227B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9D7FDD-8CE6-4E83-A186-734BC5546E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E25B3DC-B9A7-4DFC-8566-3F790F460DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "679DCA8C-F64B-4716-BCC9-9C461A89CB29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF662E36-0831-4892-850F-844B0E0B54DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E71F49D-E405-4AB4-9188-DA7B338DFD7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "204B0A52-F6AB-406B-B46D-E92F2D7D87F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "09578DDF-5D13-47C1-9BD1-A1A8B9B0C87D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBF8B70-DFBE-4F6E-83F0-171F03E97606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA55D660-66C6-4278-8C27-25DB2712CC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5609B342-D98E-4850-A0FE-810699A80A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "8320F23D-F6BE-405B-B645-1CEB984E8267",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE2670E-8C17-448D-A5BD-5A4FBCAEC35A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C5C705-6A8C-4834-9D24-CFE26A232C15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC270E40-CABA-44B4-B4DD-E9C47A97770B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC1DB8C1-7F7D-4562-A317-87E925CAD524",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB2645F-C3BF-458F-9D07-6D66E1953730",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B2303A3-CAF1-4DBA-BB6E-F205C23DCE6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "686FD45C-7722-4D98-A6D7-C36CAC56A4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "871E33AC-B469-47BA-9317-DC9E3E9BF5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4091CAC-BFAA-404C-A827-4DA9EADDF621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0DA9FCA-4166-4084-96AF-E82CC4A4DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6b:*:*:*:*:*:*:*",
              "matchCriteriaId": "369A99E0-3451-41D1-8C56-5352EA689950",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "33D4A7FA-E4E0-49C2-97FD-A547A1612F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0B918F-A28C-4B5A-A566-6E588B4F6696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m9:*:*:*:*:*:*:*",
              "matchCriteriaId": "436114F2-D906-4469-99C4-10B75253B3D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C8A00BF-4522-467B-A96E-5C33623DCA2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C106CF-CBD3-4630-8E77-EDB1643F97E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1DB7943-5CE1-44F6-B093-5EA65BF71A59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "64404B00-4956-47B8-ACDB-88E365E97212",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE6A696-5CBC-4552-A54E-55C21BC74D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "41237041-1D82-4C6C-BF48-ECEDF9DB08C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4b:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAB72CA3-088E-4EFE-BE1C-190C64101851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA584AC4-96AB-4026-84DF-F44F3B97F7E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "22EB41FD-4DE2-4753-A18C-C877B81B51D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "158EDE62-04C9-471B-B243-309D49583E67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A58C01B-459E-432F-A49F-68EC45EE6E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8DFE673-9A5E-4369-A7BB-3DE7F8E503C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56AD5BA0-4D08-4A92-88BE-60AF29BC35CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "198FF520-7631-49D9-B8A8-2E64F6237CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E067E8-552B-4691-9F6A-C5E8766287BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C4162EC-90DE-4194-8ABC-55CCB8C24FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "405CC56E-574F-4983-B492-C8811FAF06E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3b:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1829074-66F9-4B3B-A084-B88D838CFC44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6715A135-61A7-4E56-948D-8A8D5F7C98C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C836C26-DBC1-42CB-9B73-9F248D4F2B6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEFE8A85-7F63-4E4C-A3FE-7B7E27AD1DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "0807458A-2453-4575-AE19-0DE15E04B88C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:1120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D64BDE-0D00-4FBE-873B-F5D52AD0C5A2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0502FCFE-B123-422C-AC43-05260B4E952C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:809:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D5AB946-818F-44CF-864E-F24ACC999A2D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:829:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0606E8E-0E89-4DE9-8389-60D9DDAC30B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en el entorno de aplicaci\u00f3n en Cisco IOx de Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000) que ejecuta Cisco IOS Software, podr\u00edan permitir a un atacante causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) o ejecutar c\u00f3digo arbitrario con privilegios elevados en un dispositivo afectado. Para mayor informaci\u00f3n sobre estas vulnerabilidades, ver la secci\u00f3n de Detalles de este aviso."
    }
  ],
  "id": "CVE-2020-3199",
  "lastModified": "2024-11-21T05:30:32.070",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-03T18:15:17.027",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(60\\)ez16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2950C7F-EEB9-4956-937D-CD978AAC2E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.0\\(2\\)sg11a:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAAC6B58-6FC4-459B-9663-4FDC6A6F8DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jaa1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAE1AD0D-C3E9-488C-89CB-F2342CF6D5A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jpj:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F69B4F2-4A03-4383-8958-11EE154A7350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEFE8A85-7F63-4E4C-A3FE-7B7E27AD1DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "0807458A-2453-4575-AE19-0DE15E04B88C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:1120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D64BDE-0D00-4FBE-873B-F5D52AD0C5A2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1240:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB47690-B2F6-49A8-BA77-3474E31C8694",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:809:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB84AD16-CC85-4D9A-8FF3-77EA5B3898B7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:829:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AB3C4D5-3410-4D26-9F7E-CA30F108BAAF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The attacker must have valid user credentials at privilege level 15. The vulnerability is due to insufficient validation of arguments that are passed to specific VDS-related CLI commands. An attacker could exploit this vulnerability by authenticating to the targeted device and including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en los analizadores de la CLI de Cisco IOS Software para Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000), podr\u00eda permitir a un atacante local autenticado ejecutar comandos de shell arbitrarios en el Virtual Device Server (VDS) de un dispositivo afectado. El atacante debe tener credenciales de usuario v\u00e1lidas en el nivel de privilegio 15. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de los argumentos que se pasan a comandos espec\u00edficos de CLI relacionados con VDS. Un atacante podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose en el dispositivo objetivo e incluyendo entradas maliciosas como argumento de un comando afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar comandos arbitrarios en el contexto del shell de VDS de Linux con los privilegios del usuario root."
    }
  ],
  "id": "CVE-2020-3210",
  "lastModified": "2024-11-21T05:30:34.053",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-03T18:15:19.073",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(60\\)ez16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2950C7F-EEB9-4956-937D-CD978AAC2E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.0\\(2\\)sg11a:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAAC6B58-6FC4-459B-9663-4FDC6A6F8DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jaa1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAE1AD0D-C3E9-488C-89CB-F2342CF6D5A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jpj:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F69B4F2-4A03-4383-8958-11EE154A7350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)cg:*:*:*:*:*:*:*",
              "matchCriteriaId": "D962FBA3-CE59-401B-9451-45001775BA66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)cg:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA8E0069-21AB-497F-9F4C-6F7C041BA0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C85BAAF-819B-40E7-9099-04AA8D9AB114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED684DB4-527A-4268-B197-4719B0178429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88F41406-0F55-4D74-A4F6-4ABD5A803907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7082C083-7517-4CD4-BF95-CC7AF08D4053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "370EF3DC-151F-4724-A026-3AD8ED6D801C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B8FB86F-2A89-413B-BED7-97E3D392804E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "005EAD76-34BE-4E3F-8840-23F613661FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "2595B3E3-7FD4-4EFF-98A2-89156A657A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB998A1F-BAEA-4B8F-BE49-1C282ED3952E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AABDAB3-6329-48CF-BB49-DA2046AB9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96E41FF-DD4B-4D55-8C96-248C9A15226B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m10:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F7ACB5-4FE5-4B07-8B4D-28DF8D655199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "59F21FEC-A536-45CB-9AE5-61CE45EAD1B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6994F100-864F-4512-9141-F7D1050F9DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0CC364-FF3A-4FB3-8004-6628400BC7DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t4:*:*:*:*:*:*:*",
              "matchCriteriaId": "67A1BC08-28AF-4583-BE21-0D85CA2D7B6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A4E00DF-60FD-48F2-A69A-D709A5657F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F5D3761-16C8-413A-89AD-C076B9B92FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F690BEC9-FAE9-4C02-9993-34BF14FA99EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BEA314F-8C89-4D6C-A6B6-3E9247A35B7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B8565B-3EE6-48DC-AE92-9F16AFFC509C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "716EC9AA-0569-4FA7-A244-1A14FA15C5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "39166A66-859D-43A7-9947-3F3C32FBFAAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "097D1950-6159-45A2-8653-D3F90044D0C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F421AC3C-B0BC-4177-ACDB-87792C1636EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA965B88-3464-4320-B9C4-594C49C9C0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CD336D-1110-4B0C-B8D4-7C96293CBADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C580D9-A2EC-4CBB-87F5-1F5CBA23F73F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C427BA8-3A8C-4934-997B-6DDF9CEB96AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7809674-4738-463E-B522-FC6C419E2A09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD51F00-C219-439F-918E-9AF20A6E053A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "57BCB671-7ED0-43D5-894F-8B3DBF44E68E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4802BC7-F326-4F6E-9C74-04032FF35FEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEDE3BCF-B518-47B0-BD3B-0B75515771E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A5C9BF5-0C29-4B50-9A86-29F0ECD44F1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1B0621A-D7A2-415B-91ED-674F2FB4227B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9D7FDD-8CE6-4E83-A186-734BC5546E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E25B3DC-B9A7-4DFC-8566-3F790F460DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "679DCA8C-F64B-4716-BCC9-9C461A89CB29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF662E36-0831-4892-850F-844B0E0B54DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E71F49D-E405-4AB4-9188-DA7B338DFD7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "204B0A52-F6AB-406B-B46D-E92F2D7D87F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "09578DDF-5D13-47C1-9BD1-A1A8B9B0C87D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBF8B70-DFBE-4F6E-83F0-171F03E97606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA55D660-66C6-4278-8C27-25DB2712CC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5609B342-D98E-4850-A0FE-810699A80A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "8320F23D-F6BE-405B-B645-1CEB984E8267",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE2670E-8C17-448D-A5BD-5A4FBCAEC35A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C5C705-6A8C-4834-9D24-CFE26A232C15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC270E40-CABA-44B4-B4DD-E9C47A97770B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC1DB8C1-7F7D-4562-A317-87E925CAD524",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB2645F-C3BF-458F-9D07-6D66E1953730",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B2303A3-CAF1-4DBA-BB6E-F205C23DCE6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "686FD45C-7722-4D98-A6D7-C36CAC56A4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "871E33AC-B469-47BA-9317-DC9E3E9BF5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4091CAC-BFAA-404C-A827-4DA9EADDF621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0DA9FCA-4166-4084-96AF-E82CC4A4DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6b:*:*:*:*:*:*:*",
              "matchCriteriaId": "369A99E0-3451-41D1-8C56-5352EA689950",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "33D4A7FA-E4E0-49C2-97FD-A547A1612F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA0B918F-A28C-4B5A-A566-6E588B4F6696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m9:*:*:*:*:*:*:*",
              "matchCriteriaId": "436114F2-D906-4469-99C4-10B75253B3D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C8A00BF-4522-467B-A96E-5C33623DCA2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C106CF-CBD3-4630-8E77-EDB1643F97E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1DB7943-5CE1-44F6-B093-5EA65BF71A59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "64404B00-4956-47B8-ACDB-88E365E97212",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE6A696-5CBC-4552-A54E-55C21BC74D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "41237041-1D82-4C6C-BF48-ECEDF9DB08C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4b:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAB72CA3-088E-4EFE-BE1C-190C64101851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA584AC4-96AB-4026-84DF-F44F3B97F7E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "22EB41FD-4DE2-4753-A18C-C877B81B51D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "158EDE62-04C9-471B-B243-309D49583E67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A58C01B-459E-432F-A49F-68EC45EE6E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8DFE673-9A5E-4369-A7BB-3DE7F8E503C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56AD5BA0-4D08-4A92-88BE-60AF29BC35CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "198FF520-7631-49D9-B8A8-2E64F6237CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E067E8-552B-4691-9F6A-C5E8766287BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C4162EC-90DE-4194-8ABC-55CCB8C24FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "405CC56E-574F-4983-B492-C8811FAF06E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3b:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1829074-66F9-4B3B-A084-B88D838CFC44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6715A135-61A7-4E56-948D-8A8D5F7C98C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C836C26-DBC1-42CB-9B73-9F248D4F2B6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:1120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D64BDE-0D00-4FBE-873B-F5D52AD0C5A2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1240:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB47690-B2F6-49A8-BA77-3474E31C8694",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:809:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB84AD16-CC85-4D9A-8FF3-77EA5B3898B7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:829:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AB3C4D5-3410-4D26-9F7E-CA30F108BAAF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated but low-privileged, local attacker to log in to the Virtual Device Server (VDS) of an affected device by using a set of default credentials. The vulnerability is due to the presence of weak, hard-coded credentials. An attacker could exploit this vulnerability by authenticating to the targeted device and then connecting to VDS through the device\u0026rsquo;s virtual console by using the static credentials. A successful exploit could allow the attacker to access the Linux shell of VDS as the root user."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la autenticaci\u00f3n de la consola virtual de Cisco IOS Software para Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000), podr\u00eda permitir a un atacante local autenticado pero poco privilegiado iniciar sesi\u00f3n en el Virtual Device Server (VDS) de un dispositivo afectado mediante el uso de un conjunto de credenciales predeterminadas. La vulnerabilidad es debido a la presencia de credenciales d\u00e9biles y embebidas. Un atacante podr\u00eda explotar esta vulnerabilidad al autenticarse en el dispositivo objetivo y luego conectarse a VDS por medio de la consola virtual device\u2019s usando las credenciales est\u00e1ticas. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante acceder al shell de VDS de Linux como usuario root."
    }
  ],
  "id": "CVE-2020-3234",
  "lastModified": "2024-11-21T05:30:37.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-03T18:15:21.370",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cred-uPMp9zbY"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cred-uPMp9zbY"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:12.2\\(60\\)ez16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2950C7F-EEB9-4956-937D-CD978AAC2E44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.0\\(2\\)sg11a:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAAC6B58-6FC4-459B-9663-4FDC6A6F8DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jaa1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAE1AD0D-C3E9-488C-89CB-F2342CF6D5A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jpj:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F69B4F2-4A03-4383-8958-11EE154A7350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)cg:*:*:*:*:*:*:*",
              "matchCriteriaId": "D962FBA3-CE59-401B-9451-45001775BA66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)cg:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA8E0069-21AB-497F-9F4C-6F7C041BA0E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C85BAAF-819B-40E7-9099-04AA8D9AB114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED684DB4-527A-4268-B197-4719B0178429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88F41406-0F55-4D74-A4F6-4ABD5A803907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7082C083-7517-4CD4-BF95-CC7AF08D4053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "370EF3DC-151F-4724-A026-3AD8ED6D801C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B8FB86F-2A89-413B-BED7-97E3D392804E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "005EAD76-34BE-4E3F-8840-23F613661FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "2595B3E3-7FD4-4EFF-98A2-89156A657A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB998A1F-BAEA-4B8F-BE49-1C282ED3952E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AABDAB3-6329-48CF-BB49-DA2046AB9048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96E41FF-DD4B-4D55-8C96-248C9A15226B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m10:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F7ACB5-4FE5-4B07-8B4D-28DF8D655199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "59F21FEC-A536-45CB-9AE5-61CE45EAD1B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6994F100-864F-4512-9141-F7D1050F9DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0CC364-FF3A-4FB3-8004-6628400BC7DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t4:*:*:*:*:*:*:*",
              "matchCriteriaId": "67A1BC08-28AF-4583-BE21-0D85CA2D7B6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A4E00DF-60FD-48F2-A69A-D709A5657F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F5D3761-16C8-413A-89AD-C076B9B92FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F690BEC9-FAE9-4C02-9993-34BF14FA99EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BEA314F-8C89-4D6C-A6B6-3E9247A35B7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B8565B-3EE6-48DC-AE92-9F16AFFC509C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "716EC9AA-0569-4FA7-A244-1A14FA15C5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "39166A66-859D-43A7-9947-3F3C32FBFAAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "097D1950-6159-45A2-8653-D3F90044D0C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F421AC3C-B0BC-4177-ACDB-87792C1636EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA965B88-3464-4320-B9C4-594C49C9C0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CD336D-1110-4B0C-B8D4-7C96293CBADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C580D9-A2EC-4CBB-87F5-1F5CBA23F73F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C427BA8-3A8C-4934-997B-6DDF9CEB96AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7809674-4738-463E-B522-FC6C419E2A09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD51F00-C219-439F-918E-9AF20A6E053A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "57BCB671-7ED0-43D5-894F-8B3DBF44E68E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4802BC7-F326-4F6E-9C74-04032FF35FEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEDE3BCF-B518-47B0-BD3B-0B75515771E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A5C9BF5-0C29-4B50-9A86-29F0ECD44F1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1B0621A-D7A2-415B-91ED-674F2FB4227B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9D7FDD-8CE6-4E83-A186-734BC5546E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E25B3DC-B9A7-4DFC-8566-3F790F460DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "679DCA8C-F64B-4716-BCC9-9C461A89CB29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF662E36-0831-4892-850F-844B0E0B54DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E71F49D-E405-4AB4-9188-DA7B338DFD7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "204B0A52-F6AB-406B-B46D-E92F2D7D87F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t:*:*:*:*:*:*:*",
              "matchCriteriaId": "09578DDF-5D13-47C1-9BD1-A1A8B9B0C87D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBF8B70-DFBE-4F6E-83F0-171F03E97606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA55D660-66C6-4278-8C27-25DB2712CC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5609B342-D98E-4850-A0FE-810699A80A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "8320F23D-F6BE-405B-B645-1CEB984E8267",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE2670E-8C17-448D-A5BD-5A4FBCAEC35A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C5C705-6A8C-4834-9D24-CFE26A232C15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC270E40-CABA-44B4-B4DD-E9C47A97770B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC1DB8C1-7F7D-4562-A317-87E925CAD524",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB2645F-C3BF-458F-9D07-6D66E1953730",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B2303A3-CAF1-4DBA-BB6E-F205C23DCE6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "686FD45C-7722-4D98-A6D7-C36CAC56A4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "871E33AC-B469-47BA-9317-DC9E3E9BF5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4091CAC-BFAA-404C-A827-4DA9EADDF621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0DA9FCA-4166-4084-96AF-E82CC4A4DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6b:*:*:*:*:*:*:*",
              "matchCriteriaId": "369A99E0-3451-41D1-8C56-5352EA689950",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m7:*:*:*:*:*:*:*",
              "matchCriteriaId": "33D4A7FA-E4E0-49C2-97FD-A547A1612F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C8A00BF-4522-467B-A96E-5C33623DCA2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47C106CF-CBD3-4630-8E77-EDB1643F97E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1DB7943-5CE1-44F6-B093-5EA65BF71A59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "64404B00-4956-47B8-ACDB-88E365E97212",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE6A696-5CBC-4552-A54E-55C21BC74D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "41237041-1D82-4C6C-BF48-ECEDF9DB08C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4b:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAB72CA3-088E-4EFE-BE1C-190C64101851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA584AC4-96AB-4026-84DF-F44F3B97F7E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A58C01B-459E-432F-A49F-68EC45EE6E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8DFE673-9A5E-4369-A7BB-3DE7F8E503C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56AD5BA0-4D08-4A92-88BE-60AF29BC35CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "198FF520-7631-49D9-B8A8-2E64F6237CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E067E8-552B-4691-9F6A-C5E8766287BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C4162EC-90DE-4194-8ABC-55CCB8C24FF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "405CC56E-574F-4983-B492-C8811FAF06E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3b:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1829074-66F9-4B3B-A084-B88D838CFC44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEFE8A85-7F63-4E4C-A3FE-7B7E27AD1DF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "0807458A-2453-4575-AE19-0DE15E04B88C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:1120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D64BDE-0D00-4FBE-873B-F5D52AD0C5A2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0502FCFE-B123-422C-AC43-05260B4E952C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:809:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D5AB946-818F-44CF-864E-F24ACC999A2D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:829:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0606E8E-0E89-4DE9-8389-60D9DDAC30B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en Cisco IOS Software para Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000), podr\u00edan permitir a un atacante remoto no autenticado o a un atacante local autenticado ejecutar c\u00f3digo arbitrario en un sistema afectado o causar que un sistema afectado se bloquee y se vuelva a cargar. Para mayor informaci\u00f3n sobre estas vulnerabilidades, ver la secci\u00f3n de Detalles de este aviso."
    }
  ],
  "id": "CVE-2020-3198",
  "lastModified": "2024-11-21T05:30:31.917",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-03T18:15:16.917",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:24:00.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3199",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:28:06.707695Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:13:03.613Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS 12.2(60)EZ16",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-03T17:45:18",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ios-iot-gos-vuln-s9qS8kYL",
        "defect": [
          [
            "CSCvq68872",
            "CSCvr15042"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-03T16:00:00",
          "ID": "CVE-2020-3199",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS 12.2(60)EZ16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.1",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ios-iot-gos-vuln-s9qS8kYL",
          "defect": [
            [
              "CSCvq68872",
              "CSCvr15042"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3199",
    "datePublished": "2020-06-03T17:45:18.614076Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:13:03.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:56.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Static Credentials Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cred-uPMp9zbY"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3234",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:24:09.217685Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:11:57.235Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS 12.2(60)EZ16",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated but low-privileged, local attacker to log in to the Virtual Device Server (VDS) of an affected device by using a set of default credentials. The vulnerability is due to the presence of weak, hard-coded credentials. An attacker could exploit this vulnerability by authenticating to the targeted device and then connecting to VDS through the device\u0026rsquo;s virtual console by using the static credentials. A successful exploit could allow the attacker to access the Linux shell of VDS as the root user."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-03T17:55:49",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Static Credentials Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cred-uPMp9zbY"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ios-iot-vds-cred-uPMp9zbY",
        "defect": [
          [
            "CSCvo56332"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Static Credentials Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-03T16:00:00",
          "ID": "CVE-2020-3234",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Static Credentials Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS 12.2(60)EZ16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated but low-privileged, local attacker to log in to the Virtual Device Server (VDS) of an affected device by using a set of default credentials. The vulnerability is due to the presence of weak, hard-coded credentials. An attacker could exploit this vulnerability by authenticating to the targeted device and then connecting to VDS through the device\u0026rsquo;s virtual console by using the static credentials. A successful exploit could allow the attacker to access the Linux shell of VDS as the root user."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.8",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Static Credentials Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cred-uPMp9zbY"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ios-iot-vds-cred-uPMp9zbY",
          "defect": [
            [
              "CSCvo56332"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3234",
    "datePublished": "2020-06-03T17:55:50.054088Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:11:57.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:24:00.796Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3205",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:24:37.361821Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:19:11.127Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS 12.2(60)EZ16",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-03T17:40:31",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt",
        "defect": [
          [
            "CSCvq66443"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-03T16:00:00",
          "ID": "CVE-2020-3205",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS 12.2(60)EZ16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.8",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt",
          "defect": [
            [
              "CSCvq66443"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3205",
    "datePublished": "2020-06-03T17:40:31.527187Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:19:11.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:24:00.909Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3198",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:19:40.567795Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:13:29.986Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS 12.2(60)EZ16",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-03T17:45:13",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ios-iot-rce-xYRSeMNH",
        "defect": [
          [
            "CSCvr12083",
            "CSCvr46885"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-03T16:00:00",
          "ID": "CVE-2020-3198",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS 12.2(60)EZ16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "9.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ios-iot-rce-xYRSeMNH",
          "defect": [
            [
              "CSCvr12083",
              "CSCvr46885"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3198",
    "datePublished": "2020-06-03T17:45:13.516630Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:13:29.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:24:00.737Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200603 Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Image Verification Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-ir800-img-verif-wHhLYHjK"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3208",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:24:33.906234Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:18:33.560Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS 12.2(60)EZ16",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient access restrictions on the area of code that manages the image verification feature. An attacker could exploit this vulnerability by first authenticating to the targeted device and then logging in to the Virtual Device Server (VDS) of an affected device. The attacker could then, from the VDS shell, disable Cisco IOS Software integrity (image) verification. A successful exploit could allow the attacker to boot a malicious Cisco IOS Software image on the targeted device. To exploit this vulnerability, the attacker must have valid user credentials at privilege level 15."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-264",
              "description": "CWE-264",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-03T17:40:45",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200603 Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Image Verification Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-ir800-img-verif-wHhLYHjK"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ios-ir800-img-verif-wHhLYHjK",
        "defect": [
          [
            "CSCvq27907"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Image Verification Bypass Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-03T16:00:00",
          "ID": "CVE-2020-3208",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Image Verification Bypass Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS 12.2(60)EZ16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient access restrictions on the area of code that manages the image verification feature. An attacker could exploit this vulnerability by first authenticating to the targeted device and then logging in to the Virtual Device Server (VDS) of an affected device. The attacker could then, from the VDS shell, disable Cisco IOS Software integrity (image) verification. A successful exploit could allow the attacker to boot a malicious Cisco IOS Software image on the targeted device. To exploit this vulnerability, the attacker must have valid user credentials at privilege level 15."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200603 Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Image Verification Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-ir800-img-verif-wHhLYHjK"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ios-ir800-img-verif-wHhLYHjK",
          "defect": [
            [
              "CSCvq27907"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3208",
    "datePublished": "2020-06-03T17:40:45.293593Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:18:33.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:24:00.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3210",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:24:31.140273Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:18:08.039Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS 12.2(60)EZ16",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The attacker must have valid user credentials at privilege level 15. The vulnerability is due to insufficient validation of arguments that are passed to specific VDS-related CLI commands. An attacker could exploit this vulnerability by authenticating to the targeted device and including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-03T17:40:54",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE",
        "defect": [
          [
            "CSCvq87451",
            "CSCvr18056"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-03T16:00:00",
          "ID": "CVE-2020-3210",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS 12.2(60)EZ16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The attacker must have valid user credentials at privilege level 15. The vulnerability is due to insufficient validation of arguments that are passed to specific VDS-related CLI commands. An attacker could exploit this vulnerability by authenticating to the targeted device and including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE",
          "defect": [
            [
              "CSCvq87451",
              "CSCvr18056"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3210",
    "datePublished": "2020-06-03T17:40:54.480970Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:18:08.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}