CVE-2020-3205
Vulnerability from cvelistv5
Published
2020-06-03 17:40
Modified
2024-11-15 17:19
Severity ?
8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory.
References
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5JzrtPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5JzrtPatch, Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:24:00.796Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3205",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:24:37.361821Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:19:11.127Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS 12.2(60)EZ16",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-03T17:40:31",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt",
        "defect": [
          [
            "CSCvq66443"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-03T16:00:00",
          "ID": "CVE-2020-3205",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS 12.2(60)EZ16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.8",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt",
          "defect": [
            [
              "CSCvq66443"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3205",
    "datePublished": "2020-06-03T17:40:31.527187Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:19:11.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:12.2\\\\(60\\\\)ez16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2950C7F-EEB9-4956-937D-CD978AAC2E44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.0\\\\(2\\\\)sg11a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAAC6B58-6FC4-459B-9663-4FDC6A6F8DE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.2\\\\(4\\\\)jaz1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D4358B9-F3DB-46AC-A3A8-114E25F676DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.3\\\\(3\\\\)jaa1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAE1AD0D-C3E9-488C-89CB-F2342CF6D5A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.3\\\\(3\\\\)jpi:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20E0326F-98A1-48B4-945D-D8603D5A8609\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.3\\\\(3\\\\)jpj:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F69B4F2-4A03-4383-8958-11EE154A7350\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.4\\\\(1\\\\)cg:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D962FBA3-CE59-401B-9451-45001775BA66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.4\\\\(2\\\\)cg:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA8E0069-21AB-497F-9F4C-6F7C041BA0E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C85BAAF-819B-40E7-9099-04AA8D9AB114\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED684DB4-527A-4268-B197-4719B0178429\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88F41406-0F55-4D74-A4F6-4ABD5A803907\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7082C083-7517-4CD4-BF95-CC7AF08D4053\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"370EF3DC-151F-4724-A026-3AD8ED6D801C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B8FB86F-2A89-413B-BED7-97E3D392804E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"005EAD76-34BE-4E3F-8840-23F613661FE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m6a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2595B3E3-7FD4-4EFF-98A2-89156A657A0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB998A1F-BAEA-4B8F-BE49-1C282ED3952E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AABDAB3-6329-48CF-BB49-DA2046AB9048\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C96E41FF-DD4B-4D55-8C96-248C9A15226B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64F7ACB5-4FE5-4B07-8B4D-28DF8D655199\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(1\\\\)t:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59F21FEC-A536-45CB-9AE5-61CE45EAD1B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(1\\\\)t2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6994F100-864F-4512-9141-F7D1050F9DD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(1\\\\)t3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC0CC364-FF3A-4FB3-8004-6628400BC7DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(1\\\\)t4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67A1BC08-28AF-4583-BE21-0D85CA2D7B6F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(2\\\\)t:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A4E00DF-60FD-48F2-A69A-D709A5657F6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(2\\\\)t1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F5D3761-16C8-413A-89AD-C076B9B92FF1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(2\\\\)t2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F690BEC9-FAE9-4C02-9993-34BF14FA99EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(2\\\\)t3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BEA314F-8C89-4D6C-A6B6-3E9247A35B7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(2\\\\)t4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0B8565B-3EE6-48DC-AE92-9F16AFFC509C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"716EC9AA-0569-4FA7-A244-1A14FA15C5AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m0a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39166A66-859D-43A7-9947-3F3C32FBFAAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"097D1950-6159-45A2-8653-D3F90044D0C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F421AC3C-B0BC-4177-ACDB-87792C1636EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m2a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA965B88-3464-4320-B9C4-594C49C9C0F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09CD336D-1110-4B0C-B8D4-7C96293CBADE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47C580D9-A2EC-4CBB-87F5-1F5CBA23F73F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m4a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C427BA8-3A8C-4934-997B-6DDF9CEB96AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7809674-4738-463E-B522-FC6C419E2A09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFD51F00-C219-439F-918E-9AF20A6E053A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m6a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57BCB671-7ED0-43D5-894F-8B3DBF44E68E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4802BC7-F326-4F6E-9C74-04032FF35FEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEDE3BCF-B518-47B0-BD3B-0B75515771E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A5C9BF5-0C29-4B50-9A86-29F0ECD44F1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1B0621A-D7A2-415B-91ED-674F2FB4227B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D9D7FDD-8CE6-4E83-A186-734BC5546E35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(1\\\\)t:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E25B3DC-B9A7-4DFC-8566-3F790F460DDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(1\\\\)t0a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"679DCA8C-F64B-4716-BCC9-9C461A89CB29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(1\\\\)t1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF662E36-0831-4892-850F-844B0E0B54DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(1\\\\)t2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E71F49D-E405-4AB4-9188-DA7B338DFD7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(1\\\\)t3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"204B0A52-F6AB-406B-B46D-E92F2D7D87F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(2\\\\)t:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09578DDF-5D13-47C1-9BD1-A1A8B9B0C87D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(2\\\\)t1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BBF8B70-DFBE-4F6E-83F0-171F03E97606\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(2\\\\)t2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA55D660-66C6-4278-8C27-25DB2712CC1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(2\\\\)t3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5609B342-D98E-4850-A0FE-810699A80A1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8320F23D-F6BE-405B-B645-1CEB984E8267\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m0a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CE2670E-8C17-448D-A5BD-5A4FBCAEC35A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7C5C705-6A8C-4834-9D24-CFE26A232C15\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m1b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC270E40-CABA-44B4-B4DD-E9C47A97770B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC1DB8C1-7F7D-4562-A317-87E925CAD524\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AB2645F-C3BF-458F-9D07-6D66E1953730\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m3a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B2303A3-CAF1-4DBA-BB6E-F205C23DCE6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"686FD45C-7722-4D98-A6D7-C36CAC56A4AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"871E33AC-B469-47BA-9317-DC9E3E9BF5C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4091CAC-BFAA-404C-A827-4DA9EADDF621\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m6a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0DA9FCA-4166-4084-96AF-E82CC4A4DB25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m6b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"369A99E0-3451-41D1-8C56-5352EA689950\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33D4A7FA-E4E0-49C2-97FD-A547A1612F75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA0B918F-A28C-4B5A-A566-6E588B4F6696\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"436114F2-D906-4469-99C4-10B75253B3D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C8A00BF-4522-467B-A96E-5C33623DCA2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47C106CF-CBD3-4630-8E77-EDB1643F97E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1DB7943-5CE1-44F6-B093-5EA65BF71A59\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64404B00-4956-47B8-ACDB-88E365E97212\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FE6A696-5CBC-4552-A54E-55C21BC74D7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m4a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41237041-1D82-4C6C-BF48-ECEDF9DB08C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m4b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CAB72CA3-088E-4EFE-BE1C-190C64101851\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA584AC4-96AB-4026-84DF-F44F3B97F7E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22EB41FD-4DE2-4753-A18C-C877B81B51D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"158EDE62-04C9-471B-B243-309D49583E67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A58C01B-459E-432F-A49F-68EC45EE6E14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m0a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8DFE673-9A5E-4369-A7BB-3DE7F8E503C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56AD5BA0-4D08-4A92-88BE-60AF29BC35CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"198FF520-7631-49D9-B8A8-2E64F6237CC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m2a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94E067E8-552B-4691-9F6A-C5E8766287BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C4162EC-90DE-4194-8ABC-55CCB8C24FF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m3a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"405CC56E-574F-4983-B492-C8811FAF06E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m3b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1829074-66F9-4B3B-A084-B88D838CFC44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6715A135-61A7-4E56-948D-8A8D5F7C98C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C836C26-DBC1-42CB-9B73-9F248D4F2B6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.9\\\\(3\\\\)m:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEFE8A85-7F63-4E4C-A3FE-7B7E27AD1DF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.9\\\\(3\\\\)m0a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0807458A-2453-4575-AE19-0DE15E04B88C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:1120:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2D64BDE-0D00-4FBE-873B-F5D52AD0C5A2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:1240:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0502FCFE-B123-422C-AC43-05260B4E952C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:809:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D5AB946-818F-44CF-864E-F24ACC999A2D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:829:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0606E8E-0E89-4DE9-8389-60D9DDAC30B8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la implementaci\\u00f3n del canal inter-VM de Cisco IOS Software para Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000) podr\\u00eda permitir a un atacante adyacente no autenticado ejecutar comandos de shell arbitrarios en el Virtual Device Server (VDS) de un dispositivo afectado. La vulnerabilidad es debido a una comprobaci\\u00f3n insuficiente de los paquetes de se\\u00f1alizaci\\u00f3n destinados a VDS. Un atacante podr\\u00eda explotar esta vulnerabilidad mediante el env\\u00edo de paquetes maliciosos hacia un dispositivo afectado. Una explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir a un atacante ejecutar comandos arbitrarios en el contexto del shell de VDS de Linux con los privilegios del usuario root. Debido a que el dispositivo est\\u00e1 dise\\u00f1ado en una arquitectura  de hypervisor, la explotaci\\u00f3n de una vulnerabilidad que afecta el canal inter-VM puede conllevar a un compromiso completo del sistema. Para mayor informaci\\u00f3n sobre esta vulnerabilidad, ver la secci\\u00f3n de Detalles de este aviso.\"}]",
      "id": "CVE-2020-3205",
      "lastModified": "2024-11-21T05:30:33.330",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 8.3, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 6.5, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-06-03T18:15:18.573",
      "references": "[{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-3205\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2020-06-03T18:15:18.573\",\"lastModified\":\"2024-11-21T05:30:33.330\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la implementaci\u00f3n del canal inter-VM de Cisco IOS Software para Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000) podr\u00eda permitir a un atacante adyacente no autenticado ejecutar comandos de shell arbitrarios en el Virtual Device Server (VDS) de un dispositivo afectado. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de los paquetes de se\u00f1alizaci\u00f3n destinados a VDS. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de paquetes maliciosos hacia un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar comandos arbitrarios en el contexto del shell de VDS de Linux con los privilegios del usuario root. Debido a que el dispositivo est\u00e1 dise\u00f1ado en una arquitectura  de hypervisor, la explotaci\u00f3n de una vulnerabilidad que afecta el canal inter-VM puede conllevar a un compromiso completo del sistema. Para mayor informaci\u00f3n sobre esta vulnerabilidad, ver la secci\u00f3n de Detalles de este aviso.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":8.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.5,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:12.2\\\\(60\\\\)ez16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2950C7F-EEB9-4956-937D-CD978AAC2E44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.0\\\\(2\\\\)sg11a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAAC6B58-6FC4-459B-9663-4FDC6A6F8DE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.2\\\\(4\\\\)jaz1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D4358B9-F3DB-46AC-A3A8-114E25F676DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.3\\\\(3\\\\)jaa1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAE1AD0D-C3E9-488C-89CB-F2342CF6D5A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.3\\\\(3\\\\)jpi:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20E0326F-98A1-48B4-945D-D8603D5A8609\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.3\\\\(3\\\\)jpj:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F69B4F2-4A03-4383-8958-11EE154A7350\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.4\\\\(1\\\\)cg:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D962FBA3-CE59-401B-9451-45001775BA66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.4\\\\(2\\\\)cg:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA8E0069-21AB-497F-9F4C-6F7C041BA0E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C85BAAF-819B-40E7-9099-04AA8D9AB114\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED684DB4-527A-4268-B197-4719B0178429\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88F41406-0F55-4D74-A4F6-4ABD5A803907\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7082C083-7517-4CD4-BF95-CC7AF08D4053\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"370EF3DC-151F-4724-A026-3AD8ED6D801C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B8FB86F-2A89-413B-BED7-97E3D392804E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"005EAD76-34BE-4E3F-8840-23F613661FE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m6a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2595B3E3-7FD4-4EFF-98A2-89156A657A0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB998A1F-BAEA-4B8F-BE49-1C282ED3952E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AABDAB3-6329-48CF-BB49-DA2046AB9048\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C96E41FF-DD4B-4D55-8C96-248C9A15226B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.4\\\\(3\\\\)m10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64F7ACB5-4FE5-4B07-8B4D-28DF8D655199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(1\\\\)t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59F21FEC-A536-45CB-9AE5-61CE45EAD1B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(1\\\\)t2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6994F100-864F-4512-9141-F7D1050F9DD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(1\\\\)t3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC0CC364-FF3A-4FB3-8004-6628400BC7DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(1\\\\)t4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67A1BC08-28AF-4583-BE21-0D85CA2D7B6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(2\\\\)t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A4E00DF-60FD-48F2-A69A-D709A5657F6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(2\\\\)t1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F5D3761-16C8-413A-89AD-C076B9B92FF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(2\\\\)t2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F690BEC9-FAE9-4C02-9993-34BF14FA99EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(2\\\\)t3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BEA314F-8C89-4D6C-A6B6-3E9247A35B7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(2\\\\)t4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0B8565B-3EE6-48DC-AE92-9F16AFFC509C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"716EC9AA-0569-4FA7-A244-1A14FA15C5AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m0a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39166A66-859D-43A7-9947-3F3C32FBFAAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"097D1950-6159-45A2-8653-D3F90044D0C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F421AC3C-B0BC-4177-ACDB-87792C1636EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA965B88-3464-4320-B9C4-594C49C9C0F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09CD336D-1110-4B0C-B8D4-7C96293CBADE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47C580D9-A2EC-4CBB-87F5-1F5CBA23F73F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m4a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C427BA8-3A8C-4934-997B-6DDF9CEB96AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7809674-4738-463E-B522-FC6C419E2A09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFD51F00-C219-439F-918E-9AF20A6E053A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m6a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57BCB671-7ED0-43D5-894F-8B3DBF44E68E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4802BC7-F326-4F6E-9C74-04032FF35FEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEDE3BCF-B518-47B0-BD3B-0B75515771E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A5C9BF5-0C29-4B50-9A86-29F0ECD44F1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1B0621A-D7A2-415B-91ED-674F2FB4227B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.5\\\\(3\\\\)m11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D9D7FDD-8CE6-4E83-A186-734BC5546E35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(1\\\\)t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E25B3DC-B9A7-4DFC-8566-3F790F460DDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(1\\\\)t0a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"679DCA8C-F64B-4716-BCC9-9C461A89CB29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(1\\\\)t1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF662E36-0831-4892-850F-844B0E0B54DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(1\\\\)t2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E71F49D-E405-4AB4-9188-DA7B338DFD7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(1\\\\)t3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"204B0A52-F6AB-406B-B46D-E92F2D7D87F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(2\\\\)t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09578DDF-5D13-47C1-9BD1-A1A8B9B0C87D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(2\\\\)t1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BBF8B70-DFBE-4F6E-83F0-171F03E97606\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(2\\\\)t2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA55D660-66C6-4278-8C27-25DB2712CC1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(2\\\\)t3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5609B342-D98E-4850-A0FE-810699A80A1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8320F23D-F6BE-405B-B645-1CEB984E8267\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m0a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CE2670E-8C17-448D-A5BD-5A4FBCAEC35A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7C5C705-6A8C-4834-9D24-CFE26A232C15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC270E40-CABA-44B4-B4DD-E9C47A97770B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC1DB8C1-7F7D-4562-A317-87E925CAD524\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AB2645F-C3BF-458F-9D07-6D66E1953730\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B2303A3-CAF1-4DBA-BB6E-F205C23DCE6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"686FD45C-7722-4D98-A6D7-C36CAC56A4AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"871E33AC-B469-47BA-9317-DC9E3E9BF5C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4091CAC-BFAA-404C-A827-4DA9EADDF621\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m6a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0DA9FCA-4166-4084-96AF-E82CC4A4DB25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m6b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"369A99E0-3451-41D1-8C56-5352EA689950\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33D4A7FA-E4E0-49C2-97FD-A547A1612F75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA0B918F-A28C-4B5A-A566-6E588B4F6696\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.6\\\\(3\\\\)m9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"436114F2-D906-4469-99C4-10B75253B3D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C8A00BF-4522-467B-A96E-5C33623DCA2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47C106CF-CBD3-4630-8E77-EDB1643F97E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1DB7943-5CE1-44F6-B093-5EA65BF71A59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64404B00-4956-47B8-ACDB-88E365E97212\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FE6A696-5CBC-4552-A54E-55C21BC74D7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m4a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41237041-1D82-4C6C-BF48-ECEDF9DB08C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m4b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAB72CA3-088E-4EFE-BE1C-190C64101851\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA584AC4-96AB-4026-84DF-F44F3B97F7E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22EB41FD-4DE2-4753-A18C-C877B81B51D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.7\\\\(3\\\\)m7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"158EDE62-04C9-471B-B243-309D49583E67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A58C01B-459E-432F-A49F-68EC45EE6E14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m0a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8DFE673-9A5E-4369-A7BB-3DE7F8E503C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56AD5BA0-4D08-4A92-88BE-60AF29BC35CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"198FF520-7631-49D9-B8A8-2E64F6237CC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94E067E8-552B-4691-9F6A-C5E8766287BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C4162EC-90DE-4194-8ABC-55CCB8C24FF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"405CC56E-574F-4983-B492-C8811FAF06E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m3b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1829074-66F9-4B3B-A084-B88D838CFC44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6715A135-61A7-4E56-948D-8A8D5F7C98C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.8\\\\(3\\\\)m5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C836C26-DBC1-42CB-9B73-9F248D4F2B6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.9\\\\(3\\\\)m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEFE8A85-7F63-4E4C-A3FE-7B7E27AD1DF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.9\\\\(3\\\\)m0a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0807458A-2453-4575-AE19-0DE15E04B88C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:1120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2D64BDE-0D00-4FBE-873B-F5D52AD0C5A2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:1240:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0502FCFE-B123-422C-AC43-05260B4E952C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:809:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D5AB946-818F-44CF-864E-F24ACC999A2D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:829:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0606E8E-0E89-4DE9-8389-60D9DDAC30B8\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt\", \"name\": \"20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T07:24:00.796Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-3205\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-15T16:24:37.361821Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-15T16:25:23.517Z\"}}], \"cna\": {\"title\": \"Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability\", \"source\": {\"defect\": [[\"CSCvq66443\"]], \"advisory\": \"cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 8.8, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IOS 12.2(60)EZ16\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"datePublic\": \"2020-06-03T00:00:00\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt\", \"name\": \"20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2020-06-03T17:40:31\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"8.8\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\"}}, \"source\": {\"defect\": [[\"CSCvq66443\"]], \"advisory\": \"cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco IOS 12.2(60)EZ16\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt\", \"name\": \"20200603 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-20\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-3205\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2020-06-03T16:00:00\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-3205\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-15T17:19:11.127Z\", \"dateReserved\": \"2019-12-12T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2020-06-03T17:40:31.527187Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.