Vulnerability-Lookup

BDU:2020-02886

Vulnerability from fstec - Published: 03.06.2020

Title

Уязвимость программной платформы IOx операционной системы Cisco IOS, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код или вызвать отказ в обслуживании

Description

Уязвимость программной платформы IOx операционной системы Cisco IOS связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии и выполнить произвольный код или вызвать отказ в обслуживании

Severity ?


                    
                      AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Vendor

Cisco Systems Inc.

Software Name

Cisco IOS

Software Version

15.6(1)T0a (Cisco IOS), 15.5(3)M (Cisco IOS), 15.5(1)T (Cisco IOS), 15.5(2)T (Cisco IOS), 15.5(1)T3 (Cisco IOS), 15.5(2)T1 (Cisco IOS), 15.5(2)T2 (Cisco IOS), 15.5(2)T3 (Cisco IOS), 15.5(2)T4 (Cisco IOS), 15.5(1)T4 (Cisco IOS), 15.5(3)M1 (Cisco IOS), 15.5(3)M0a (Cisco IOS), 15.5(3)M2 (Cisco IOS), 15.5(3)M3 (Cisco IOS), 15.5(3)M4 (Cisco IOS), 15.5(3)M4a (Cisco IOS), 15.5(3)M5 (Cisco IOS), 15.5(3)M6 (Cisco IOS), 15.5(3)M6a (Cisco IOS), 15.6(1)T (Cisco IOS), 15.6(2)T (Cisco IOS), 15.6(1)T1 (Cisco IOS), 15.6(2)T1 (Cisco IOS), 15.6(1)T2 (Cisco IOS), 15.6(2)T2 (Cisco IOS), 15.6(1)T3 (Cisco IOS), 15.6(2)T3 (Cisco IOS), 15.6(3)M (Cisco IOS), 15.6(3)M1 (Cisco IOS), 15.6(3)M0a (Cisco IOS), 15.6(3)M1b (Cisco IOS), 15.6(3)M2 (Cisco IOS), 15.6(3)M3 (Cisco IOS), 15.6(3)M3a (Cisco IOS), 15.7(3)M (Cisco IOS), 15.3(3)JAA1 (Cisco IOS), 15.5(1)T2 (Cisco IOS), 15.4(3)M6a (Cisco IOS), 15.4(3)M7 (Cisco IOS), 15.4(3)M6 (Cisco IOS), 15.4(3)M5 (Cisco IOS), 15.4(3)M4 (Cisco IOS), 15.6(3)M6 (Cisco IOS), 15.7(3)M3 (Cisco IOS), 15.8(3)M (Cisco IOS), 15.8(3)M0a (Cisco IOS), 15.5(3)M2a (Cisco IOS), 15.4(3)M (Cisco IOS), 15.4(3)M1 (Cisco IOS), 15.4(3)M2 (Cisco IOS), 15.4(3)M3 (Cisco IOS), 15.4(3)M7a (Cisco IOS), 15.4(3)M8 (Cisco IOS), 15.4(3)M9 (Cisco IOS), 15.4(3)M10 (Cisco IOS), 15.5(3)M7 (Cisco IOS), 15.5(3)M8 (Cisco IOS), 15.6(3)M4 (Cisco IOS), 15.6(3)M5 (Cisco IOS), 15.7(3)M1 (Cisco IOS), 15.7(3)M2 (Cisco IOS), 15.4(1)CG (Cisco IOS), 15.4(2)CG (Cisco IOS), 12.2(60)EZ16 (Cisco IOS), 15.0(2)SG11a (Cisco IOS), 15.5(3)M9 (Cisco IOS), 15.5(3)M10 (Cisco IOS), 15.5(3)M11 (Cisco IOS), 15.6(3)M7 (Cisco IOS), 15.6(3)M6a (Cisco IOS), 15.6(3)M6b (Cisco IOS), 15.6(3)M8 (Cisco IOS), 15.6(3)M9 (Cisco IOS), 15.7(3)M4 (Cisco IOS), 15.7(3)M5 (Cisco IOS), 15.7(3)M4a (Cisco IOS), 15.7(3)M4b (Cisco IOS), 15.7(3)M6 (Cisco IOS), 15.7(3)M7 (Cisco IOS), 15.8(3)M1 (Cisco IOS), 15.8(3)M2 (Cisco IOS), 15.8(3)M3 (Cisco IOS), 15.8(3)M2a (Cisco IOS), 15.8(3)M4 (Cisco IOS), 15.8(3)M3a (Cisco IOS), 15.8(3)M3b (Cisco IOS), 15.8(3)M5 (Cisco IOS), 15.9(3)M (Cisco IOS), 15.9(3)M0a (Cisco IOS), 15.3(3)JPJ (Cisco IOS)

Possible Mitigations

Использование рекомендаций: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL https://nvd.nist.gov/vuln/detail/CVE-2020-3199

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "15.6(1)T0a (Cisco IOS), 15.5(3)M (Cisco IOS), 15.5(1)T (Cisco IOS), 15.5(2)T (Cisco IOS), 15.5(1)T3 (Cisco IOS), 15.5(2)T1 (Cisco IOS), 15.5(2)T2 (Cisco IOS), 15.5(2)T3 (Cisco IOS), 15.5(2)T4 (Cisco IOS), 15.5(1)T4 (Cisco IOS), 15.5(3)M1 (Cisco IOS), 15.5(3)M0a (Cisco IOS), 15.5(3)M2 (Cisco IOS), 15.5(3)M3 (Cisco IOS), 15.5(3)M4 (Cisco IOS), 15.5(3)M4a (Cisco IOS), 15.5(3)M5 (Cisco IOS), 15.5(3)M6 (Cisco IOS), 15.5(3)M6a (Cisco IOS), 15.6(1)T (Cisco IOS), 15.6(2)T (Cisco IOS), 15.6(1)T1 (Cisco IOS), 15.6(2)T1 (Cisco IOS), 15.6(1)T2 (Cisco IOS), 15.6(2)T2 (Cisco IOS), 15.6(1)T3 (Cisco IOS), 15.6(2)T3 (Cisco IOS), 15.6(3)M (Cisco IOS), 15.6(3)M1 (Cisco IOS), 15.6(3)M0a (Cisco IOS), 15.6(3)M1b (Cisco IOS), 15.6(3)M2 (Cisco IOS), 15.6(3)M3 (Cisco IOS), 15.6(3)M3a (Cisco IOS), 15.7(3)M (Cisco IOS), 15.3(3)JAA1 (Cisco IOS), 15.5(1)T2 (Cisco IOS), 15.4(3)M6a (Cisco IOS), 15.4(3)M7 (Cisco IOS), 15.4(3)M6 (Cisco IOS), 15.4(3)M5 (Cisco IOS), 15.4(3)M4 (Cisco IOS), 15.6(3)M6 (Cisco IOS), 15.7(3)M3 (Cisco IOS), 15.8(3)M (Cisco IOS), 15.8(3)M0a (Cisco IOS), 15.5(3)M2a (Cisco IOS), 15.4(3)M (Cisco IOS), 15.4(3)M1 (Cisco IOS), 15.4(3)M2 (Cisco IOS), 15.4(3)M3 (Cisco IOS), 15.4(3)M7a (Cisco IOS), 15.4(3)M8 (Cisco IOS), 15.4(3)M9 (Cisco IOS), 15.4(3)M10 (Cisco IOS), 15.5(3)M7 (Cisco IOS), 15.5(3)M8 (Cisco IOS), 15.6(3)M4 (Cisco IOS), 15.6(3)M5 (Cisco IOS), 15.7(3)M1 (Cisco IOS), 15.7(3)M2 (Cisco IOS), 15.4(1)CG (Cisco IOS), 15.4(2)CG (Cisco IOS), 12.2(60)EZ16 (Cisco IOS), 15.0(2)SG11a (Cisco IOS), 15.5(3)M9 (Cisco IOS), 15.5(3)M10 (Cisco IOS), 15.5(3)M11 (Cisco IOS), 15.6(3)M7 (Cisco IOS), 15.6(3)M6a (Cisco IOS), 15.6(3)M6b (Cisco IOS), 15.6(3)M8 (Cisco IOS), 15.6(3)M9 (Cisco IOS), 15.7(3)M4 (Cisco IOS), 15.7(3)M5 (Cisco IOS), 15.7(3)M4a (Cisco IOS), 15.7(3)M4b (Cisco IOS), 15.7(3)M6 (Cisco IOS), 15.7(3)M7 (Cisco IOS), 15.8(3)M1 (Cisco IOS), 15.8(3)M2 (Cisco IOS), 15.8(3)M3 (Cisco IOS), 15.8(3)M2a (Cisco IOS), 15.8(3)M4 (Cisco IOS), 15.8(3)M3a (Cisco IOS), 15.8(3)M3b (Cisco IOS), 15.8(3)M5 (Cisco IOS), 15.9(3)M (Cisco IOS), 15.9(3)M0a (Cisco IOS), 15.3(3)JPJ (Cisco IOS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.06.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "22.06.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.06.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02886",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-3199",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco IOS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. Cisco IOS 15.6(1)T0a , Cisco Systems Inc. Cisco IOS 15.5(3)M , Cisco Systems Inc. Cisco IOS 15.5(1)T , Cisco Systems Inc. Cisco IOS 15.5(2)T , Cisco Systems Inc. Cisco IOS 15.5(1)T3 , Cisco Systems Inc. Cisco IOS 15.5(2)T1 , Cisco Systems Inc. Cisco IOS 15.5(2)T2 , Cisco Systems Inc. Cisco IOS 15.5(2)T3 , Cisco Systems Inc. Cisco IOS 15.5(2)T4 , Cisco Systems Inc. Cisco IOS 15.5(1)T4 , Cisco Systems Inc. Cisco IOS 15.5(3)M1 , Cisco Systems Inc. Cisco IOS 15.5(3)M0a , Cisco Systems Inc. Cisco IOS 15.5(3)M2 , Cisco Systems Inc. Cisco IOS 15.5(3)M3 , Cisco Systems Inc. Cisco IOS 15.5(3)M4 , Cisco Systems Inc. Cisco IOS 15.5(3)M4a , Cisco Systems Inc. Cisco IOS 15.5(3)M5 , Cisco Systems Inc. Cisco IOS 15.5(3)M6 , Cisco Systems Inc. Cisco IOS 15.5(3)M6a , Cisco Systems Inc. Cisco IOS 15.6(1)T , Cisco Systems Inc. Cisco IOS 15.6(2)T , Cisco Systems Inc. Cisco IOS 15.6(1)T1 , Cisco Systems Inc. Cisco IOS 15.6(2)T1 , Cisco Systems Inc. Cisco IOS 15.6(1)T2 , Cisco Systems Inc. Cisco IOS 15.6(2)T2 , Cisco Systems Inc. Cisco IOS 15.6(1)T3 , Cisco Systems Inc. Cisco IOS 15.6(2)T3 , Cisco Systems Inc. Cisco IOS 15.6(3)M , Cisco Systems Inc. Cisco IOS 15.6(3)M1 , Cisco Systems Inc. Cisco IOS 15.6(3)M0a , Cisco Systems Inc. Cisco IOS 15.6(3)M1b , Cisco Systems Inc. Cisco IOS 15.6(3)M2 , Cisco Systems Inc. Cisco IOS 15.6(3)M3 , Cisco Systems Inc. Cisco IOS 15.6(3)M3a , Cisco Systems Inc. Cisco IOS 15.7(3)M , Cisco Systems Inc. Cisco IOS 15.3(3)JAA1 , Cisco Systems Inc. Cisco IOS 15.5(1)T2 , Cisco Systems Inc. Cisco IOS 15.4(3)M6a , Cisco Systems Inc. Cisco IOS 15.4(3)M7 , Cisco Systems Inc. Cisco IOS 15.4(3)M6 , Cisco Systems Inc. Cisco IOS 15.4(3)M5 , Cisco Systems Inc. Cisco IOS 15.4(3)M4 , Cisco Systems Inc. Cisco IOS 15.6(3)M6 , Cisco Systems Inc. Cisco IOS 15.7(3)M3 , Cisco Systems Inc. Cisco IOS 15.8(3)M , Cisco Systems Inc. Cisco IOS 15.8(3)M0a , Cisco Systems Inc. Cisco IOS 15.5(3)M2a , Cisco Systems Inc. Cisco IOS 15.4(3)M , Cisco Systems Inc. Cisco IOS 15.4(3)M1 , Cisco Systems Inc. Cisco IOS 15.4(3)M2 , Cisco Systems Inc. Cisco IOS 15.4(3)M3 , Cisco Systems Inc. Cisco IOS 15.4(3)M7a , Cisco Systems Inc. Cisco IOS 15.4(3)M8 , Cisco Systems Inc. Cisco IOS 15.4(3)M9 , Cisco Systems Inc. Cisco IOS 15.4(3)M10 , Cisco Systems Inc. Cisco IOS 15.5(3)M7 , Cisco Systems Inc. Cisco IOS 15.5(3)M8 , Cisco Systems Inc. Cisco IOS 15.6(3)M4 , Cisco Systems Inc. Cisco IOS 15.6(3)M5 , Cisco Systems Inc. Cisco IOS 15.7(3)M1 , Cisco Systems Inc. Cisco IOS 15.7(3)M2 , Cisco Systems Inc. Cisco IOS 15.4(1)CG , Cisco Systems Inc. Cisco IOS 15.4(2)CG , Cisco Systems Inc. Cisco IOS 12.2(60)EZ16 , Cisco Systems Inc. Cisco IOS 15.0(2)SG11a , Cisco Systems Inc. Cisco IOS 15.5(3)M9 , Cisco Systems Inc. Cisco IOS 15.5(3)M10 , Cisco Systems Inc. Cisco IOS 15.5(3)M11 , Cisco Systems Inc. Cisco IOS 15.6(3)M7 , Cisco Systems Inc. Cisco IOS 15.6(3)M6a , Cisco Systems Inc. Cisco IOS 15.6(3)M6b , Cisco Systems Inc. Cisco IOS 15.6(3)M8 , Cisco Systems Inc. Cisco IOS 15.6(3)M9 , Cisco Systems Inc. Cisco IOS 15.7(3)M4 , Cisco Systems Inc. Cisco IOS 15.7(3)M5 , Cisco Systems Inc. Cisco IOS 15.7(3)M4a , Cisco Systems Inc. Cisco IOS 15.7(3)M4b , Cisco Systems Inc. Cisco IOS 15.7(3)M6 , Cisco Systems Inc. Cisco IOS 15.7(3)M7 , Cisco Systems Inc. Cisco IOS 15.8(3)M1 , Cisco Systems Inc. Cisco IOS 15.8(3)M2 , Cisco Systems Inc. Cisco IOS 15.8(3)M3 , Cisco Systems Inc. Cisco IOS 15.8(3)M2a , Cisco Systems Inc. Cisco IOS 15.8(3)M4 , Cisco Systems Inc. Cisco IOS 15.8(3)M3a , Cisco Systems Inc. Cisco IOS 15.8(3)M3b , Cisco Systems Inc. Cisco IOS 15.8(3)M5 , Cisco Systems Inc. Cisco IOS 15.9(3)M , Cisco Systems Inc. Cisco IOS 15.9(3)M0a , Cisco Systems Inc. Cisco IOS 15.3(3)JPJ ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b IOx \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b IOx \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3199",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}

CVE-2020-3199 (GCVE-0-2020-3199)

Vulnerability from cvelistv5 – Published: 2020-06-03 17:45 – Updated: 2024-11-15 17:13

Title

Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities

Summary

Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Severity ?

8.1 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE

CWE-20

Assigner

cisco

References

URL

Tags

https://tools.cisco.com/security/center/content/C…

vendor-advisoryx_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco IOS 12.2(60)EZ16	Affected: n/a

Date Public ?

2020-06-03 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:24:00.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3199",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:28:06.707695Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:13:03.613Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS 12.2(60)EZ16",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-03T17:45:18.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ios-iot-gos-vuln-s9qS8kYL",
        "defect": [
          [
            "CSCvq68872",
            "CSCvr15042"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-03T16:00:00",
          "ID": "CVE-2020-3199",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS 12.2(60)EZ16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.1",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ios-iot-gos-vuln-s9qS8kYL",
          "defect": [
            [
              "CSCvq68872",
              "CSCvr15042"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3199",
    "datePublished": "2020-06-03T17:45:18.614Z",
    "dateReserved": "2019-12-12T00:00:00.000Z",
    "dateUpdated": "2024-11-15T17:13:03.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2020-02886

CVE-2020-3199 (GCVE-0-2020-3199)

Tags

Sightings

Nomenclature