cvelistv5 - cve-2020-3221

CVE-2020-3221 (GCVE-0-2020-3221)

Vulnerability from cvelistv5 – Published: 2020-06-03 17:41 – Updated: 2024-11-15 17:15

Summary

Severity ?

8.6 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-20

Assigner

cisco

References

URL

Tags

https://tools.cisco.com/security/center/content/C…

vendor-advisoryx_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco IOS XE Software 16.10.1	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:57.790Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200603 Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3221",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:21:17.324756Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:15:52.183Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software 16.10.1",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-03T17:41:45",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200603 Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u"
        }
      ],
      "source": {
        "advisory": "cisco-sa-iosxe-fnfv9-dos-HND6Fc9u",
        "defect": [
          [
            "CSCvo68398"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-03T16:00:00",
          "ID": "CVE-2020-3221",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS XE Software 16.10.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.6",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200603 Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-iosxe-fnfv9-dos-HND6Fc9u",
          "defect": [
            [
              "CSCvo68398"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3221",
    "datePublished": "2020-06-03T17:41:45.841498Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:15:52.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB6BD18B-B9BD-452F-986E-16A6668E46B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D136D2BC-FFB5-4912-A3B1-BD96148CB9A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A22256FE-431C-4AD9-9E7F-7EAC2D81B1B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADED0D82-2A4D-4235-BFAC-5EE2D862B652\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"763664F5-E6CD-4936-B2F8-C5E2D5EA7BB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A443E93-6C4B-4F86-BA7C-7C2A929E795A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E91F8704-6DAD-474A-84EA-04E4AF7BB9B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"314C7763-A64D-4023-9F3F-9A821AE4151F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5820D71D-FC93-45AA-BC58-A26A1A39C936\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC1C85DD-69CC-4AA8-B219-651D57FC3506\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C98DED36-D4B5-48D6-964E-EEEE97936700\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD98C9E8-3EA6-4160-970D-37C389576516\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9027A528-2588-4C06-810B-5BB313FE4323\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7745ED34-D59D-49CC-B174-96BCA03B3374\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B9ED0E5-CB20-4106-9CF2-8EB587B33543\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B0E620C-8E09-4F7C-A326-26013173B993\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF93F1C8-669F-4ECB-8D81-ECDA7B550175\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E0BA345-B7D7-4975-9199-4DC7875BBFD0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E9EA95F-4E39-4D9C-8A84-D1F6014A4A40\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA0BC769-C244-41BD-BE80-E67F4E1CDDA4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el procesador de paquetes Flexible NetFlow Versi\\u00f3n 9 de Cisco IOS XE Software para los controladores inal\\u00e1mbricos Cisco Catalyst serie 9800, podr\\u00eda permitir a un atacante remoto no autenticado causar una condici\\u00f3n de denegaci\\u00f3n de servicio (DoS) sobre un dispositivo afectado. La vulnerabilidad es debido a una comprobaci\\u00f3n inapropiada de los par\\u00e1metros en un registro de Flexible NetFlow Version 9. Un atacante podr\\u00eda explotar esta vulnerabilidad mediante el env\\u00edo de un paquete de Flexible NetFlow Version 9 malformado hacia el puerto Control and Provisioning of Wireless Access Points (CAPWAP) de un dispositivo afectado. Una explotaci\\u00f3n podr\\u00eda permitir al atacante activar un bucle infinito, resultando en un bloqueo del proceso que causar\\u00eda una recarga del dispositivo.\"}]",
      "id": "CVE-2020-3221",
      "lastModified": "2024-11-21T05:30:35.537",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.0}], \"cvssMetricV30\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-06-03T18:15:20.103",
      "references": "[{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-3221\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2020-06-03T18:15:20.103\",\"lastModified\":\"2024-11-21T05:30:35.537\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el procesador de paquetes Flexible NetFlow Versi\u00f3n 9 de Cisco IOS XE Software para los controladores inal\u00e1mbricos Cisco Catalyst serie 9800, podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) sobre un dispositivo afectado. La vulnerabilidad es debido a una comprobaci\u00f3n inapropiada de los par\u00e1metros en un registro de Flexible NetFlow Version 9. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un paquete de Flexible NetFlow Version 9 malformado hacia el puerto Control and Provisioning of Wireless Access Points (CAPWAP) de un dispositivo afectado. Una explotaci\u00f3n podr\u00eda permitir al atacante activar un bucle infinito, resultando en un bloqueo del proceso que causar\u00eda una recarga del dispositivo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}],\"cvssMetricV30\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB6BD18B-B9BD-452F-986E-16A6668E46B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D136D2BC-FFB5-4912-A3B1-BD96148CB9A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A22256FE-431C-4AD9-9E7F-7EAC2D81B1B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADED0D82-2A4D-4235-BFAC-5EE2D862B652\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"763664F5-E6CD-4936-B2F8-C5E2D5EA7BB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A443E93-6C4B-4F86-BA7C-7C2A929E795A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E91F8704-6DAD-474A-84EA-04E4AF7BB9B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"314C7763-A64D-4023-9F3F-9A821AE4151F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5820D71D-FC93-45AA-BC58-A26A1A39C936\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC1C85DD-69CC-4AA8-B219-651D57FC3506\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C98DED36-D4B5-48D6-964E-EEEE97936700\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD98C9E8-3EA6-4160-970D-37C389576516\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9027A528-2588-4C06-810B-5BB313FE4323\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7745ED34-D59D-49CC-B174-96BCA03B3374\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B9ED0E5-CB20-4106-9CF2-8EB587B33543\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B0E620C-8E09-4F7C-A326-26013173B993\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF93F1C8-669F-4ECB-8D81-ECDA7B550175\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E0BA345-B7D7-4975-9199-4DC7875BBFD0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E9EA95F-4E39-4D9C-8A84-D1F6014A4A40\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA0BC769-C244-41BD-BE80-E67F4E1CDDA4\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u\", \"name\": \"20200603 Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T07:30:57.790Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-3221\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-15T16:21:17.324756Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-15T16:21:51.389Z\"}}], \"cna\": {\"title\": \"Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability\", \"source\": {\"defect\": [[\"CSCvo68398\"]], \"advisory\": \"cisco-sa-iosxe-fnfv9-dos-HND6Fc9u\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"CHANGED\", \"version\": \"3.0\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IOS XE Software 16.10.1\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"datePublic\": \"2020-06-03T00:00:00\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u\", \"name\": \"20200603 Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2020-06-03T17:41:45\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"8.6\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\"}}, \"source\": {\"defect\": [[\"CSCvo68398\"]], \"advisory\": \"cisco-sa-iosxe-fnfv9-dos-HND6Fc9u\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco IOS XE Software 16.10.1\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u\", \"name\": \"20200603 Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-20\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-3221\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2020-06-03T16:00:00\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-3221\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-15T17:15:52.183Z\", \"dateReserved\": \"2019-12-12T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2020-06-03T17:41:45.841498Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2020-AVI-340

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco IOx sans le dernier correctif de sécurité (voir le site du constructeur pour la liste des produits vulnérables)
Cisco	IOS	Cisco IOS pour routeurs Cisco séries CGR1000 sans le dernier correctif de sécurité
Cisco	NX-OS	Cisco NX-OS sans le dernier correctif de sécurité (voir le site du constructeur pour la liste des produits vulnérables)
Cisco	IOS XE	Cisco IOS et IOS XE sans le dernier correctif de sécurité (voir le site du constructeur pour la liste des produits vulnérables)
Cisco	IOS	Cisco IOS pour routeurs Cisco 809 et 829 (Industrial ISRs) sans le dernier correctif de sécurité
Cisco	IOS XR	Cisco IOS XR versions 5.2 et 5.3

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxe-digsig-bypass-FYQ3bmVq du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ios-iot-vds-cred-uPMp9zbY du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxe-fnfv9-dos-HND6Fc9u du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-sip-Cv28sQw2 du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-webui-cmdinj-zM283Zdw du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ioxPE-KgGvCAf9 du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-web-cmdinj2-fOnjk2LD du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-caf-3dXM8exv du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-snmp-dos-USxSyTk5 du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ngwc-cmdinj-KEwWVWR du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxe-webui-rce-uk8BXcUD du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-cipdos-hkfTZXEx du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-web-cmdinj4-S2TmH7GA du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-webui-PZgQxjfG du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxe-ewlc-dos-TkuPVmZN du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-web-cmdinj3-44st5CcA du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ios-iot-gos-vuln-s9qS8kYL du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ssh-dos-Un22sd2A du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ikev2-9p23Jj2a du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ios-iot-rce-xYRSeMNH du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ios-ir800-img-verif-wHhLYHjK du 03 juin 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco IOx sans le dernier correctif de s\u00e9curit\u00e9 (voir le site du constructeur pour la liste des produits vuln\u00e9rables)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS pour routeurs Cisco s\u00e9ries CGR1000 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS sans le dernier correctif de s\u00e9curit\u00e9 (voir le site du constructeur pour la liste des produits vuln\u00e9rables)",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS et IOS XE sans le dernier correctif de s\u00e9curit\u00e9 (voir le site du constructeur pour la liste des produits vuln\u00e9rables)",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS pour routeurs Cisco 809 et 829 (Industrial ISRs) sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS XR versions 5.2 et 5.3",
      "product": {
        "name": "IOS XR",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-3211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3211"
    },
    {
      "name": "CVE-2020-3257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3257"
    },
    {
      "name": "CVE-2020-3212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3212"
    },
    {
      "name": "CVE-2020-3205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3205"
    },
    {
      "name": "CVE-2020-3218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3218"
    },
    {
      "name": "CVE-2020-3200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3200"
    },
    {
      "name": "CVE-2020-3234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3234"
    },
    {
      "name": "CVE-2020-3229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3229"
    },
    {
      "name": "CVE-2020-3217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3217"
    },
    {
      "name": "CVE-2020-3208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3208"
    },
    {
      "name": "CVE-2020-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3235"
    },
    {
      "name": "CVE-2020-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3219"
    },
    {
      "name": "CVE-2020-3230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3230"
    },
    {
      "name": "CVE-2020-3209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3209"
    },
    {
      "name": "CVE-2020-3258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3258"
    },
    {
      "name": "CVE-2020-3199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3199"
    },
    {
      "name": "CVE-2020-3227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3227"
    },
    {
      "name": "CVE-2020-3203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3203"
    },
    {
      "name": "CVE-2020-3210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3210"
    },
    {
      "name": "CVE-2020-3198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3198"
    },
    {
      "name": "CVE-2020-3225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3225"
    },
    {
      "name": "CVE-2020-3224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3224"
    },
    {
      "name": "CVE-2020-3238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3238"
    },
    {
      "name": "CVE-2020-3221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3221"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-340",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-04T00:00:00.000000"
    },
    {
      "description": "Correction de la date de certains avis.",
      "revision_date": "2020-06-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-digsig-bypass-FYQ3bmVq du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-digsig-bypass-FYQ3bmVq"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-vds-cred-uPMp9zbY du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cred-uPMp9zbY"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-fnfv9-dos-HND6Fc9u du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sip-Cv28sQw2 du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sip-Cv28sQw2"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webui-cmdinj-zM283Zdw du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-zM283Zdw"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ioxPE-KgGvCAf9 du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxPE-KgGvCAf9"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-web-cmdinj2-fOnjk2LD du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj2-fOnjk2LD"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-caf-3dXM8exv du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-caf-3dXM8exv"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-snmp-dos-USxSyTk5 du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-USxSyTk5"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ngwc-cmdinj-KEwWVWR du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ngwc-cmdinj-KEwWVWR"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-webui-rce-uk8BXcUD du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-rce-uk8BXcUD"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cipdos-hkfTZXEx du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cipdos-hkfTZXEx"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-web-cmdinj4-S2TmH7GA du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj4-S2TmH7GA"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webui-PZgQxjfG du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-ewlc-dos-TkuPVmZN du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-dos-TkuPVmZN"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-web-cmdinj3-44st5CcA du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj3-44st5CcA"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-gos-vuln-s9qS8kYL du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ssh-dos-Un22sd2A du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ikev2-9p23Jj2a du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-9p23Jj2a"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-rce-xYRSeMNH du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-ir800-img-verif-wHhLYHjK du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-ir800-img-verif-wHhLYHjK"
    }
  ]
}

CERTFR-2020-AVI-340

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco IOx sans le dernier correctif de sécurité (voir le site du constructeur pour la liste des produits vulnérables)
Cisco	IOS	Cisco IOS pour routeurs Cisco séries CGR1000 sans le dernier correctif de sécurité
Cisco	NX-OS	Cisco NX-OS sans le dernier correctif de sécurité (voir le site du constructeur pour la liste des produits vulnérables)
Cisco	IOS XE	Cisco IOS et IOS XE sans le dernier correctif de sécurité (voir le site du constructeur pour la liste des produits vulnérables)
Cisco	IOS	Cisco IOS pour routeurs Cisco 809 et 829 (Industrial ISRs) sans le dernier correctif de sécurité
Cisco	IOS XR	Cisco IOS XR versions 5.2 et 5.3

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxe-digsig-bypass-FYQ3bmVq du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ios-iot-vds-cred-uPMp9zbY du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxe-fnfv9-dos-HND6Fc9u du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-sip-Cv28sQw2 du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-webui-cmdinj-zM283Zdw du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ioxPE-KgGvCAf9 du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-web-cmdinj2-fOnjk2LD du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-caf-3dXM8exv du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-snmp-dos-USxSyTk5 du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ngwc-cmdinj-KEwWVWR du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxe-webui-rce-uk8BXcUD du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-cipdos-hkfTZXEx du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-web-cmdinj4-S2TmH7GA du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-webui-PZgQxjfG du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxe-ewlc-dos-TkuPVmZN du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-web-cmdinj3-44st5CcA du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ios-iot-gos-vuln-s9qS8kYL du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ssh-dos-Un22sd2A du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ikev2-9p23Jj2a du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ios-iot-rce-xYRSeMNH du 03 juin 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ios-ir800-img-verif-wHhLYHjK du 03 juin 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco IOx sans le dernier correctif de s\u00e9curit\u00e9 (voir le site du constructeur pour la liste des produits vuln\u00e9rables)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS pour routeurs Cisco s\u00e9ries CGR1000 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NX-OS sans le dernier correctif de s\u00e9curit\u00e9 (voir le site du constructeur pour la liste des produits vuln\u00e9rables)",
      "product": {
        "name": "NX-OS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS et IOS XE sans le dernier correctif de s\u00e9curit\u00e9 (voir le site du constructeur pour la liste des produits vuln\u00e9rables)",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS pour routeurs Cisco 809 et 829 (Industrial ISRs) sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS XR versions 5.2 et 5.3",
      "product": {
        "name": "IOS XR",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-3211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3211"
    },
    {
      "name": "CVE-2020-3257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3257"
    },
    {
      "name": "CVE-2020-3212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3212"
    },
    {
      "name": "CVE-2020-3205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3205"
    },
    {
      "name": "CVE-2020-3218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3218"
    },
    {
      "name": "CVE-2020-3200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3200"
    },
    {
      "name": "CVE-2020-3234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3234"
    },
    {
      "name": "CVE-2020-3229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3229"
    },
    {
      "name": "CVE-2020-3217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3217"
    },
    {
      "name": "CVE-2020-3208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3208"
    },
    {
      "name": "CVE-2020-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3235"
    },
    {
      "name": "CVE-2020-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3219"
    },
    {
      "name": "CVE-2020-3230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3230"
    },
    {
      "name": "CVE-2020-3209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3209"
    },
    {
      "name": "CVE-2020-3258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3258"
    },
    {
      "name": "CVE-2020-3199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3199"
    },
    {
      "name": "CVE-2020-3227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3227"
    },
    {
      "name": "CVE-2020-3203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3203"
    },
    {
      "name": "CVE-2020-3210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3210"
    },
    {
      "name": "CVE-2020-3198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3198"
    },
    {
      "name": "CVE-2020-3225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3225"
    },
    {
      "name": "CVE-2020-3224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3224"
    },
    {
      "name": "CVE-2020-3238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3238"
    },
    {
      "name": "CVE-2020-3221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3221"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-340",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-04T00:00:00.000000"
    },
    {
      "description": "Correction de la date de certains avis.",
      "revision_date": "2020-06-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-digsig-bypass-FYQ3bmVq du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-digsig-bypass-FYQ3bmVq"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-vds-cred-uPMp9zbY du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cred-uPMp9zbY"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-fnfv9-dos-HND6Fc9u du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sip-Cv28sQw2 du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sip-Cv28sQw2"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webui-cmdinj-zM283Zdw du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-zM283Zdw"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ioxPE-KgGvCAf9 du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxPE-KgGvCAf9"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-web-cmdinj2-fOnjk2LD du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj2-fOnjk2LD"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-caf-3dXM8exv du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-caf-3dXM8exv"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-snmp-dos-USxSyTk5 du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-USxSyTk5"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ngwc-cmdinj-KEwWVWR du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ngwc-cmdinj-KEwWVWR"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-webui-rce-uk8BXcUD du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-rce-uk8BXcUD"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cipdos-hkfTZXEx du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cipdos-hkfTZXEx"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-web-cmdinj4-S2TmH7GA du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj4-S2TmH7GA"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webui-PZgQxjfG du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-ewlc-dos-TkuPVmZN du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-dos-TkuPVmZN"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-web-cmdinj3-44st5CcA du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj3-44st5CcA"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-gos-vuln-s9qS8kYL du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ssh-dos-Un22sd2A du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ikev2-9p23Jj2a du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-9p23Jj2a"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-rce-xYRSeMNH du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-ir800-img-verif-wHhLYHjK du 03 juin 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-ir800-img-verif-wHhLYHjK"
    }
  ]
}

GSD-2020-3221

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-3221

Aliases

CVE-2020-3221

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-3221",
    "description": "A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device.",
    "id": "GSD-2020-3221"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-3221"
      ],
      "details": "A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device.",
      "id": "GSD-2020-3221",
      "modified": "2023-12-13T01:22:09.948925Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2020-06-03T16:00:00",
        "ID": "CVE-2020-3221",
        "STATE": "PUBLIC",
        "TITLE": "Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco IOS XE Software 16.10.1",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
      ],
      "impact": {
        "cvss": {
          "baseScore": "8.6",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20200603 Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-iosxe-fnfv9-dos-HND6Fc9u",
        "defect": [
          [
            "CSCvo68398"
          ]
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2020-3221"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200603 Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2021-09-17T18:41Z",
      "publishedDate": "2020-06-03T18:15Z"
    }
  }
}

CISCO-SA-IOSXE-FNFV9-DOS-HND6FC9U

Vulnerability from csaf_cisco - Published: 2020-06-03 16:00 - Updated: 2020-06-03 16:00

Summary

Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability

Notes

Summary

A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u"] This advisory is part of the June 3, 2020, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 23 Cisco Security Advisories that describe 25 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [" https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-73388"].

Vulnerable Products

This vulnerability affects Cisco Catalyst 9800 Series Wireless Controllers that are running a vulnerable release of Cisco IOS XE Software and have the Application Visibility and Control (AVC) feature enabled. For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory. Determine Whether AVC Is Configured To determine whether the AVC feature is configured, administrators can use one of the following options: Option 1: GUI Log in to the web-based management interface, navigate to Configuration > Services > Application Visibility, and check for any enabled profiles. If any profile is enabled, the AVC feature is configured. Option 2: CLI Administrators can also use the show running-config | section flow|wireless profile command on the CLI and look for whether all of the following are configured: A flow monitor An active WLAN policy profile invoking such flow monitor The following example shows the output of the show running-config | section flow|wireless profile command on a device that has flow monitor fm configured and on which the active WLAN policy profile default-policy-profile invokes flow monitor fm for ingress ("input") traffic: ios-xe#show running-config | section flow|wireless profile flow monitor fm record rec . . . wireless profile policy default-policy-profile . . . ipv4 flow monitor fm input . . . no shutdown Note: The device would also be vulnerable if the flow monitor were invoked for egress ("output") traffic only or for both ingress and egress traffic.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco products: Catalyst 9800 Embedded Wireless Controller Software for Cisco Catalyst 9300 or 9500 Series Switches IOS Software IOS XR Software NX-OS Software Wireless LAN Controller (WLC) Software

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html ["https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"] Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"] Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Cisco IOS and IOS XE Software To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] to identify any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (“Combined First Fixed”). Customers can use the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] to search advisories in the following ways: Choose the software and one or more releases Upload a .txt file that includes a list of specific releases Enter the output of the show version command After initiating a search, customers can customize the search to include all Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication. Customers can also use the following form to determine whether a release is affected by any Cisco Security Advisory by entering a Cisco IOS or IOS XE Software release—for example, 15.1(4)M2 or 3.13.8S: By default, the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, customers can use the Cisco Software Checker on Cisco.com and check the Medium check box in the drop-down list under Impact Rating when customizing a search. For a mapping of Cisco IOS XE Software releases to Cisco IOS Software releases, refer to the Cisco IOS XE 2 Release Notes ["https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/2/release/notes/rnasr21/rnasr21_gen.html#wp3000032"], Cisco IOS XE 3S Release Notes ["https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/3/release/notes/asr1k_rn_3s_rel_notes/asr1k_rn_3s_sys_req.html#wp3069754"], or Cisco IOS XE 3SG Release Notes ["https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_24726.html#pgfId-2570252"], depending on the Cisco IOS XE Software release.

Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

This vulnerability was found by Mathieu Monney of Cisco during internal security testing.

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "This vulnerability was found by Mathieu Monney of Cisco during internal security testing."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThe vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device.\r\n\r\n\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\nThis advisory is available at the following link:\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u\"]\r\n\r\n\r\nThis advisory is part of the June 3, 2020, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 23 Cisco Security Advisories that describe 25 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [\" https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-73388\"].",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "This vulnerability affects Cisco Catalyst 9800 Series Wireless Controllers that are running a vulnerable release of Cisco IOS XE Software and have the Application Visibility and Control (AVC) feature enabled.\r\n\r\nFor information about which Cisco software releases are vulnerable, see the Fixed Software [\"#fs\"] section of this advisory.\r\n  Determine Whether AVC Is Configured\r\nTo determine whether the AVC feature is configured, administrators can use one of the following options:\r\n  Option 1: GUI\r\nLog in to the web-based management interface, navigate to Configuration \u003e Services \u003e Application Visibility, and check for any enabled profiles. If any profile is enabled, the AVC feature is configured.\r\n  Option 2: CLI\r\nAdministrators can also use the show running-config | section flow|wireless profile command on the CLI and look for whether all of the following are configured:\r\n\r\nA flow monitor\r\nAn active WLAN policy profile invoking such flow monitor\r\n\r\nThe following example shows the output of the show running-config | section flow|wireless profile command on a device that has flow monitor fm configured and on which the active WLAN policy profile default-policy-profile invokes flow monitor fm for ingress (\"input\") traffic:\r\n\r\n\r\nios-xe#show running-config | section flow|wireless profile\r\nflow monitor fm\r\nrecord rec\r\n.\r\n.\r\n.\r\nwireless profile policy default-policy-profile\r\n.\r\n.\r\n.\r\nipv4 flow monitor fm input\r\n.\r\n.\r\n.\r\nno shutdown\r\n\r\nNote: The device would also be vulnerable if the flow monitor were invoked for egress (\"output\") traffic only or for both ingress and egress traffic.",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following Cisco products:\r\n\r\nCatalyst 9800 Embedded Wireless Controller Software for Cisco Catalyst 9300 or 9500 Series Switches\r\nIOS Software\r\nIOS XR Software\r\nNX-OS Software\r\nWireless LAN Controller (WLC) Software",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address this vulnerability.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:\r\nhttps://www.cisco.com/c/en/us/products/end-user-license-agreement.html [\"https://www.cisco.com/c/en/us/products/end-user-license-agreement.html\"]\r\n\r\nAdditionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n  Customers Without Service Contracts\r\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:\r\nhttps://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]\r\n\r\nCustomers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.\r\n\r\n\r\n                        Cisco IOS and IOS XE Software\r\nTo help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] to identify any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (\u201cFirst Fixed\u201d). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (\u201cCombined First Fixed\u201d).\r\n\r\nCustomers can use the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] to search advisories in the following ways:\r\n\r\nChoose the software and one or more releases\r\nUpload a .txt file that includes a list of specific releases\r\nEnter the output of the show version command\r\n\r\nAfter initiating a search, customers can customize the search to include all Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication.\r\n\r\nCustomers can also use the following form to determine whether a release is affected by any Cisco Security Advisory by entering a Cisco IOS or IOS XE Software release\u2014for example, 15.1(4)M2 or 3.13.8S:\r\n\r\n\r\n\r\nBy default, the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, customers can use the Cisco Software Checker on Cisco.com and check the Medium check box in the drop-down list under Impact Rating when customizing a search.\r\n\r\nFor a mapping of Cisco IOS XE Software releases to Cisco IOS Software releases, refer to the Cisco IOS XE 2 Release Notes [\"https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/2/release/notes/rnasr21/rnasr21_gen.html#wp3000032\"], Cisco IOS XE 3S Release Notes [\"https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/3/release/notes/asr1k_rn_3s_rel_notes/asr1k_rn_3s_sys_req.html#wp3069754\"], or Cisco IOS XE 3SG Release Notes [\"https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_24726.html#pgfId-2570252\"], depending on the Cisco IOS XE Software release.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "This vulnerability was found by Mathieu Monney of Cisco during internal security testing.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "Emergency Support:\r\n+1 877 228 7302 (toll-free within North America)\r\n+1 408 525 6532 (International direct-dial)\r\nNon-emergency Support:\r\nEmail: psirt@cisco.com\r\nSupport requests that are received via e-mail are typically acknowledged within 48 hours.",
      "issuing_authority": "Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.\r\nMore information can be found in Cisco Security Vulnerability Policy available at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u"
      },
      {
        "category": "external",
        "summary": "Cisco Event Response: June 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication",
        "url": "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-73388"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u"
      },
      {
        "category": "external",
        "summary": "Cisco Event Response: June 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication",
        "url": "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-73388"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html",
        "url": "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"
      },
      {
        "category": "external",
        "summary": "considering software upgrades",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisories and Alerts page",
        "url": "https://www.cisco.com/go/psirt"
      },
      {
        "category": "external",
        "summary": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html",
        "url": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"
      },
      {
        "category": "external",
        "summary": "Cisco\u0026nbsp;Software Checker",
        "url": "https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"
      },
      {
        "category": "external",
        "summary": "Cisco\u0026nbsp;Software Checker",
        "url": "https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"
      },
      {
        "category": "external",
        "summary": "Cisco\u0026nbsp;Software Checker",
        "url": "https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"
      },
      {
        "category": "external",
        "summary": "Cisco\u0026nbsp;IOS XE 2 Release Notes",
        "url": "https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/2/release/notes/rnasr21/rnasr21_gen.html#wp3000032"
      },
      {
        "category": "external",
        "summary": "Cisco\u0026nbsp;IOS XE 3S Release Notes",
        "url": "https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/3/release/notes/asr1k_rn_3s_rel_notes/asr1k_rn_3s_sys_req.html#wp3069754"
      },
      {
        "category": "external",
        "summary": "Cisco\u0026nbsp;IOS XE 3SG Release Notes",
        "url": "https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_24726.html#pgfId-2570252"
      },
      {
        "category": "external",
        "summary": "Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      }
    ],
    "title": "Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability",
    "tracking": {
      "current_release_date": "2020-06-03T16:00:00+00:00",
      "generator": {
        "date": "2022-09-03T03:02:30+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-iosxe-fnfv9-dos-HND6Fc9u",
      "initial_release_date": "2020-06-03T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2020-04-30T18:45:14+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "16.10.1",
                    "product": {
                      "name": "16.10.1",
                      "product_id": "CSAFPID-225858"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.10.1a",
                    "product": {
                      "name": "16.10.1a",
                      "product_id": "CSAFPID-250629"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.10.1b",
                    "product": {
                      "name": "16.10.1b",
                      "product_id": "CSAFPID-252045"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.10.1s",
                    "product": {
                      "name": "16.10.1s",
                      "product_id": "CSAFPID-252913"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.10.1e",
                    "product": {
                      "name": "16.10.1e",
                      "product_id": "CSAFPID-257955"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.10.2",
                    "product": {
                      "name": "16.10.2",
                      "product_id": "CSAFPID-260917"
                    }
                  }
                ],
                "category": "product_version",
                "name": "16.10"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "16.11.1",
                    "product": {
                      "name": "16.11.1",
                      "product_id": "CSAFPID-227918"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.11.1a",
                    "product": {
                      "name": "16.11.1a",
                      "product_id": "CSAFPID-252271"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.11.1b",
                    "product": {
                      "name": "16.11.1b",
                      "product_id": "CSAFPID-260741"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.11.2",
                    "product": {
                      "name": "16.11.2",
                      "product_id": "CSAFPID-261240"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.11.1s",
                    "product": {
                      "name": "16.11.1s",
                      "product_id": "CSAFPID-261465"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.11.1c",
                    "product": {
                      "name": "16.11.1c",
                      "product_id": "CSAFPID-264096"
                    }
                  }
                ],
                "category": "product_version",
                "name": "16.11"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "16.12.1",
                    "product": {
                      "name": "16.12.1",
                      "product_id": "CSAFPID-227920"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.12.1s",
                    "product": {
                      "name": "16.12.1s",
                      "product_id": "CSAFPID-265735"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.12.1a",
                    "product": {
                      "name": "16.12.1a",
                      "product_id": "CSAFPID-265841"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.12.1c",
                    "product": {
                      "name": "16.12.1c",
                      "product_id": "CSAFPID-267110"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.12.1w",
                    "product": {
                      "name": "16.12.1w",
                      "product_id": "CSAFPID-267240"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.12.1y",
                    "product": {
                      "name": "16.12.1y",
                      "product_id": "CSAFPID-271938"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.12.1x",
                    "product": {
                      "name": "16.12.1x",
                      "product_id": "CSAFPID-273649"
                    }
                  },
                  {
                    "category": "service_pack",
                    "name": "16.12.1t",
                    "product": {
                      "name": "16.12.1t",
                      "product_id": "CSAFPID-274832"
                    }
                  }
                ],
                "category": "product_version",
                "name": "16.12"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.9.7b",
                    "product": {
                      "name": "17.9.7b",
                      "product_id": "CSAFPID-306388"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.9"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.12.5c",
                    "product": {
                      "name": "17.12.5c",
                      "product_id": "CSAFPID-306389"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.12"
              },
              {
                "branches": [
                  {
                    "category": "service_pack",
                    "name": "17.11.99SW",
                    "product": {
                      "name": "17.11.99SW",
                      "product_id": "CSAFPID-296860"
                    }
                  }
                ],
                "category": "product_version",
                "name": "17.11SW"
              }
            ],
            "category": "product_family",
            "name": "Cisco IOS XE Software"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-3221",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCvo68398"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-225858",
          "CSAFPID-227918",
          "CSAFPID-227920",
          "CSAFPID-250629",
          "CSAFPID-252045",
          "CSAFPID-252271",
          "CSAFPID-252913",
          "CSAFPID-257955",
          "CSAFPID-260741",
          "CSAFPID-260917",
          "CSAFPID-261240",
          "CSAFPID-261465",
          "CSAFPID-264096",
          "CSAFPID-265735",
          "CSAFPID-265841",
          "CSAFPID-267110",
          "CSAFPID-267240",
          "CSAFPID-271938",
          "CSAFPID-273649",
          "CSAFPID-274832",
          "CSAFPID-296860",
          "CSAFPID-306388",
          "CSAFPID-306389"
        ]
      },
      "release_date": "2020-06-03T16:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-225858",
            "CSAFPID-227918",
            "CSAFPID-227920",
            "CSAFPID-250629",
            "CSAFPID-252045",
            "CSAFPID-252271",
            "CSAFPID-252913",
            "CSAFPID-257955",
            "CSAFPID-260741",
            "CSAFPID-260917",
            "CSAFPID-261240",
            "CSAFPID-261465",
            "CSAFPID-264096",
            "CSAFPID-265735",
            "CSAFPID-265841",
            "CSAFPID-267110",
            "CSAFPID-267240",
            "CSAFPID-271938",
            "CSAFPID-273649",
            "CSAFPID-274832",
            "CSAFPID-296860",
            "CSAFPID-306388",
            "CSAFPID-306389"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-225858",
            "CSAFPID-227918",
            "CSAFPID-227920",
            "CSAFPID-250629",
            "CSAFPID-252045",
            "CSAFPID-252271",
            "CSAFPID-252913",
            "CSAFPID-257955",
            "CSAFPID-260741",
            "CSAFPID-260917",
            "CSAFPID-261240",
            "CSAFPID-261465",
            "CSAFPID-264096",
            "CSAFPID-265735",
            "CSAFPID-265841",
            "CSAFPID-267110",
            "CSAFPID-267240",
            "CSAFPID-271938",
            "CSAFPID-273649",
            "CSAFPID-274832",
            "CSAFPID-296860",
            "CSAFPID-306388",
            "CSAFPID-306389"
          ]
        }
      ],
      "title": "Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability"
    }
  ]
}

GHSA-Q65H-8WRC-FM43

Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2024-04-04 02:52

Details

Severity ?

8.6 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-3221"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-03T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device.",
  "id": "GHSA-q65h-8wrc-fm43",
  "modified": "2024-04-04T02:52:31Z",
  "published": "2022-05-24T17:19:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3221"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2020-31967

Vulnerability from cnvd - Published: 2020-06-09

Title

Cisco Catalyst 9800 Series Wireless Controllers IOS XE输入验证错误漏洞

Description

Cisco IOS XE是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。 Cisco Catalyst 9800 Series Wireless Controllers中的IOS XE的Flexible NetFlow 9版本数据包处理器存在输入验证错误漏洞。攻击者可通过将格式错误的Flexible NetFlow 9版本数据包发送到受影响设备的CAPWAP数据端口利用该漏洞造成无限循环，导致进程崩溃，进而导致设备重新加载。

Severity

高

Patch Name

Cisco Catalyst 9800 Series Wireless Controllers IOS XE输入验证错误漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-3221

Impacted products

Name
Cisco Catalyst 9800 Series Wireless Controllers

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-3221"
    }
  },
  "description": "Cisco IOS XE\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nCisco Catalyst 9800 Series Wireless Controllers\u4e2d\u7684IOS XE\u7684Flexible NetFlow 9\u7248\u672c\u6570\u636e\u5305\u5904\u7406\u5668\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5c06\u683c\u5f0f\u9519\u8bef\u7684Flexible NetFlow 9\u7248\u672c\u6570\u636e\u5305\u53d1\u9001\u5230\u53d7\u5f71\u54cd\u8bbe\u5907\u7684CAPWAP\u6570\u636e\u7aef\u53e3\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u65e0\u9650\u5faa\u73af\uff0c\u5bfc\u81f4\u8fdb\u7a0b\u5d29\u6e83\uff0c\u8fdb\u800c\u5bfc\u81f4\u8bbe\u5907\u91cd\u65b0\u52a0\u8f7d\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-31967",
  "openTime": "2020-06-09",
  "patchDescription": "Cisco IOS XE\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco Catalyst 9800 Series Wireless Controllers\u4e2d\u7684IOS XE\u7684Flexible NetFlow 9\u7248\u672c\u6570\u636e\u5305\u5904\u7406\u5668\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5c06\u683c\u5f0f\u9519\u8bef\u7684Flexible NetFlow 9\u7248\u672c\u6570\u636e\u5305\u53d1\u9001\u5230\u53d7\u5f71\u54cd\u8bbe\u5907\u7684CAPWAP\u6570\u636e\u7aef\u53e3\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u65e0\u9650\u5faa\u73af\uff0c\u5bfc\u81f4\u8fdb\u7a0b\u5d29\u6e83\uff0c\u8fdb\u800c\u5bfc\u81f4\u8bbe\u5907\u91cd\u65b0\u52a0\u8f7d\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Catalyst 9800 Series Wireless Controllers IOS XE\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Catalyst 9800 Series Wireless Controllers"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-3221",
  "serverity": "\u9ad8",
  "submitTime": "2020-06-04",
  "title": "Cisco Catalyst 9800 Series Wireless Controllers IOS XE\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

FKIE_CVE-2020-3221

Vulnerability from fkie_nvd - Published: 2020-06-03 18:15 - Updated: 2024-11-21 05:30

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

References

	URL	Tags
	psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ios_xe	16.10.1
cisco	ios_xe	16.10.1a
cisco	ios_xe	16.10.1b
cisco	ios_xe	16.10.1e
cisco	ios_xe	16.10.1s
cisco	ios_xe	16.10.2
cisco	ios_xe	16.11.1
cisco	ios_xe	16.11.1a
cisco	ios_xe	16.11.1b
cisco	ios_xe	16.11.1c
cisco	ios_xe	16.11.1s
cisco	ios_xe	16.12.1
cisco	ios_xe	16.12.1a
cisco	ios_xe	16.12.1c
cisco	ios_xe	16.12.1s
cisco	ios_xe	16.12.1t
cisco	catalyst_9800-40	-
cisco	catalyst_9800-80	-
cisco	catalyst_9800-cl	-
cisco	catalyst_9800-l	-
cisco	catalyst_9800-l-c	-
cisco	catalyst_9800-l-f	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6BD18B-B9BD-452F-986E-16A6668E46B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D136D2BC-FFB5-4912-A3B1-BD96148CB9A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "A22256FE-431C-4AD9-9E7F-7EAC2D81B1B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADED0D82-2A4D-4235-BFAC-5EE2D862B652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "763664F5-E6CD-4936-B2F8-C5E2D5EA7BB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A443E93-6C4B-4F86-BA7C-7C2A929E795A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E91F8704-6DAD-474A-84EA-04E4AF7BB9B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "314C7763-A64D-4023-9F3F-9A821AE4151F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "5820D71D-FC93-45AA-BC58-A26A1A39C936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC1C85DD-69CC-4AA8-B219-651D57FC3506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98DED36-D4B5-48D6-964E-EEEE97936700",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD98C9E8-3EA6-4160-970D-37C389576516",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "9027A528-2588-4C06-810B-5BB313FE4323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*",
              "matchCriteriaId": "7745ED34-D59D-49CC-B174-96BCA03B3374",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B9ED0E5-CB20-4106-9CF2-8EB587B33543",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B0E620C-8E09-4F7C-A326-26013173B993",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF93F1C8-669F-4ECB-8D81-ECDA7B550175",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E0BA345-B7D7-4975-9199-4DC7875BBFD0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E9EA95F-4E39-4D9C-8A84-D1F6014A4A40",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA0BC769-C244-41BD-BE80-E67F4E1CDDA4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el procesador de paquetes Flexible NetFlow Versi\u00f3n 9 de Cisco IOS XE Software para los controladores inal\u00e1mbricos Cisco Catalyst serie 9800, podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) sobre un dispositivo afectado. La vulnerabilidad es debido a una comprobaci\u00f3n inapropiada de los par\u00e1metros en un registro de Flexible NetFlow Version 9. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un paquete de Flexible NetFlow Version 9 malformado hacia el puerto Control and Provisioning of Wireless Access Points (CAPWAP) de un dispositivo afectado. Una explotaci\u00f3n podr\u00eda permitir al atacante activar un bucle infinito, resultando en un bloqueo del proceso que causar\u00eda una recarga del dispositivo."
    }
  ],
  "id": "CVE-2020-3221",
  "lastModified": "2024-11-21T05:30:35.537",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-03T18:15:20.103",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-3221 (GCVE-0-2020-3221)

CERTFR-2020-AVI-340

Solution

CERTFR-2020-AVI-340

Solution

GSD-2020-3221

CISCO-SA-IOSXE-FNFV9-DOS-HND6FC9U

GHSA-Q65H-8WRC-FM43

CNVD-2020-31967

FKIE_CVE-2020-3221

Tags

Sightings

Nomenclature