All the vulnerabilites related to cisco - ir809g-lte-ga-k9
Vulnerability from fkie_nvd
Published
2020-06-03 18:15
Modified
2024-11-21 05:30
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.
References
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNHPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNHPatch, Vendor Advisory
Impacted products
Vendor Product Version
cisco ios 15.8\(3\)m2
cisco ios 15.8\(9\)
cisco ios 15.9
cisco 1120 -
cisco 1240 -
cisco ir809g-lte-ga-k9 -
cisco ir809g-lte-la-k9 -
cisco ir809g-lte-na-k9 -
cisco ir809g-lte-vz-k9 -
cisco ir829-2lte-ea-ak9 -
cisco ir829-2lte-ea-bk9 -
cisco ir829-2lte-ea-ek9 -
cisco ir829gw-lte-ga-ck9 -
cisco ir829gw-lte-ga-ek9 -
cisco ir829gw-lte-ga-sk9 -
cisco ir829gw-lte-ga-zk9 -
cisco ir829gw-lte-na-ak9 -
cisco ir829gw-lte-vz-ak9 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2:*:*:*:*:*:*:*",
              "matchCriteriaId": "198FF520-7631-49D9-B8A8-2E64F6237CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(9\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5FCAB89A-EF98-47B7-AE7A-236F739244FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA9B42B-5D01-40F8-9981-7E094534F3C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:1120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D64BDE-0D00-4FBE-873B-F5D52AD0C5A2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0502FCFE-B123-422C-AC43-05260B4E952C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir809g-lte-ga-k9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47B4B073-21C9-43EC-9F3E-6B9E14302D49",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir809g-lte-la-k9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "661C304A-BE1A-4A5A-8B35-B18725082AB2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir809g-lte-na-k9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1189BB4A-AE5E-450E-AC4C-B5A03172799F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir809g-lte-vz-k9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "168FA298-68C0-4BB1-A94A-21E3615FBA6C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829-2lte-ea-ak9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB62C534-29F8-48CA-9D45-42C49CE68577",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829-2lte-ea-bk9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B670C5A3-4E19-428F-87D0-C2B12EE2CB92",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829-2lte-ea-ek9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF5C3D3-833D-405B-8E1E-ED3BC29CD5E0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829gw-lte-ga-ck9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8D39174-298E-4C06-A289-B0C4585B2E99",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829gw-lte-ga-ek9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB259DDC-AB98-405E-A369-49A3B89F48F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829gw-lte-ga-sk9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99B57D05-6702-4026-9E36-0CBEC6BE8001",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829gw-lte-ga-zk9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC62F7A8-9D57-4703-A7DF-451C2CA75919",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829gw-lte-na-ak9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78F497A3-8153-4524-9E8D-2CFDCF2ADCDE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829gw-lte-vz-ak9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "61BD4298-A8D5-4D7C-A9D9-694606042C12",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en Cisco IOS Software para Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000), podr\u00edan permitir a un atacante remoto no autenticado o un atacante local autenticado ejecutar c\u00f3digo arbitrario sobre un sistema afectado o causar que un sistema afectado se bloquee y vuelva a cargar. Para mayor informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso."
    }
  ],
  "id": "CVE-2020-3258",
  "lastModified": "2024-11-21T05:30:40.403",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-03T18:15:21.997",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-03 18:15
Modified
2024-11-21 05:30
Severity ?
8.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
References
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYLPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYLPatch, Vendor Advisory
Impacted products
Vendor Product Version
cisco ios 15.8\(3.0z\)m1
cisco ios 15.9
cisco 1120_connected_grid_router -
cisco 1240_connected_grid_router -
cisco ir809g-lte-ga-k9 -
cisco ir809g-lte-la-k9 -
cisco ir809g-lte-na-k9 -
cisco ir809g-lte-vz-k9 -
cisco ir829-2lte-ea-ak9 -
cisco ir829-2lte-ea-bk9 -
cisco ir829-2lte-ea-ek9 -
cisco ir829gw-lte-ga-ck9 -
cisco ir829gw-lte-ga-ek9 -
cisco ir829gw-lte-ga-sk9 -
cisco ir829gw-lte-ga-zk9 -
cisco ir829gw-lte-na-ak9 -
cisco ir829gw-lte-vz-ak9 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.8\\(3.0z\\)m1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02EC0719-9B7C-48FA-8354-B1433F3C5435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA9B42B-5D01-40F8-9981-7E094534F3C6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:1120_connected_grid_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6835F8AD-B55D-4B57-B3B5-0095E309B2B3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:1240_connected_grid_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AB6ACAE-8C89-48F6-95BA-DE32F4F81FE6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir809g-lte-ga-k9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "47B4B073-21C9-43EC-9F3E-6B9E14302D49",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir809g-lte-la-k9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "661C304A-BE1A-4A5A-8B35-B18725082AB2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir809g-lte-na-k9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1189BB4A-AE5E-450E-AC4C-B5A03172799F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir809g-lte-vz-k9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "168FA298-68C0-4BB1-A94A-21E3615FBA6C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829-2lte-ea-ak9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB62C534-29F8-48CA-9D45-42C49CE68577",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829-2lte-ea-bk9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B670C5A3-4E19-428F-87D0-C2B12EE2CB92",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829-2lte-ea-ek9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF5C3D3-833D-405B-8E1E-ED3BC29CD5E0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829gw-lte-ga-ck9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8D39174-298E-4C06-A289-B0C4585B2E99",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829gw-lte-ga-ek9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB259DDC-AB98-405E-A369-49A3B89F48F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829gw-lte-ga-sk9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99B57D05-6702-4026-9E36-0CBEC6BE8001",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829gw-lte-ga-zk9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC62F7A8-9D57-4703-A7DF-451C2CA75919",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829gw-lte-na-ak9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78F497A3-8153-4524-9E8D-2CFDCF2ADCDE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ir829gw-lte-vz-ak9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "61BD4298-A8D5-4D7C-A9D9-694606042C12",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en el entorno de aplicaci\u00f3n Cisco IOx de Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000) que ejecuta Cisco IOS Software, podr\u00edan permitir a un atacante causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) o ejecutar c\u00f3digo arbitrario con privilegios elevados sobre un dispositivo afectado. Para mayor informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso."
    }
  ],
  "id": "CVE-2020-3257",
  "lastModified": "2024-11-21T05:30:40.277",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-03T18:15:21.840",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2020-3258
Vulnerability from cvelistv5
Published
2020-06-03 17:56
Modified
2024-11-15 17:11
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNHvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:57.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3258",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:19:39.379267Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:11:02.301Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS 12.2(60)EZ16",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-03T17:56:13",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ios-iot-rce-xYRSeMNH",
        "defect": [
          [
            "CSCvr12083",
            "CSCvr46885"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-03T16:00:00",
          "ID": "CVE-2020-3258",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS 12.2(60)EZ16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "9.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ios-iot-rce-xYRSeMNH",
          "defect": [
            [
              "CSCvr12083",
              "CSCvr46885"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3258",
    "datePublished": "2020-06-03T17:56:13.400169Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:11:02.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-3257
Vulnerability from cvelistv5
Published
2020-06-03 17:56
Modified
2024-11-15 17:11
Severity ?
8.1 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYLvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:57.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3257",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:27:52.076991Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:11:12.408Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS 12.2(60)EZ16",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-03T17:56:08",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ios-iot-gos-vuln-s9qS8kYL",
        "defect": [
          [
            "CSCvq68872",
            "CSCvr15042"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-03T16:00:00",
          "ID": "CVE-2020-3257",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS 12.2(60)EZ16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.1",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ios-iot-gos-vuln-s9qS8kYL",
          "defect": [
            [
              "CSCvq68872",
              "CSCvr15042"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3257",
    "datePublished": "2020-06-03T17:56:08.634778Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:11:12.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}