Lucene search

[email protected]CVE-2020-3235

HistoryJun 03, 2020 - 6:15 p.m.

CVE-2020-3235

2020-06-0318:15:21

CWE-118

CWE-20

[email protected]

web.nvd.nist.gov

cisco

ios software

ios xe software

catalyst 4500 series

snmp

vulnerability

dos

nvd

cve-2020-3235

6.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:N/A:C

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.8%

JSON

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability by using SNMPv3, the attacker must know the user credentials for the affected system.

Affected configurations

NVD

Node

ciscoiosMatch12.2\(52\)sg

ciscoiosMatch12.2\(53\)sg1

ciscoiosMatch12.2\(53\)sg2

ciscoiosMatch12.2\(53\)sg3

ciscoiosMatch12.2\(53\)sg4

ciscoiosMatch12.2\(53\)sg5

ciscoiosMatch12.2\(53\)sg6

ciscoiosMatch12.2\(53\)sg7

ciscoiosMatch12.2\(53\)sg8

ciscoiosMatch12.2\(53\)sg9

ciscoiosMatch12.2\(53\)sg10

ciscoiosMatch12.2\(53\)sg11

ciscoiosMatch12.2\(54\)sg

ciscoiosMatch12.2\(54\)sg1

ciscoiosMatch12.2\(54\)wo

ciscoiosMatch15.0\(1\)ey

ciscoiosMatch15.0\(1\)ey2

ciscoiosMatch15.0\(1\)xo

ciscoiosMatch15.0\(1\)xo1

ciscoiosMatch15.0\(2\)ex2

ciscoiosMatch15.0\(2\)ex8

ciscoiosMatch15.0\(2\)sg

ciscoiosMatch15.0\(2\)sg1

ciscoiosMatch15.0\(2\)sg2

ciscoiosMatch15.0\(2\)sg3

ciscoiosMatch15.0\(2\)sg4

ciscoiosMatch15.0\(2\)sg5

ciscoiosMatch15.0\(2\)sg6

ciscoiosMatch15.0\(2\)sg7

ciscoiosMatch15.0\(2\)sg8

ciscoiosMatch15.0\(2\)sg9

ciscoiosMatch15.0\(2\)sg10

ciscoiosMatch15.0\(2\)sg11

ciscoiosMatch15.0\(2\)xo

ciscoiosMatch15.1\(1\)sg

ciscoiosMatch15.1\(1\)sg1

ciscoiosMatch15.1\(1\)sg2

ciscoiosMatch15.1\(2\)sg

ciscoiosMatch15.1\(2\)sg1

ciscoiosMatch15.1\(2\)sg2

ciscoiosMatch15.1\(2\)sg3

ciscoiosMatch15.1\(2\)sg4

ciscoiosMatch15.1\(2\)sg5

ciscoiosMatch15.1\(2\)sg6

ciscoiosMatch15.1\(2\)sg7

ciscoiosMatch15.1\(2\)sg8

ciscoiosMatch15.2\(1\)e

ciscoiosMatch15.2\(1\)e1

ciscoiosMatch15.2\(1\)e3

ciscoiosMatch15.2\(2\)e

ciscoiosMatch15.2\(2\)e1

ciscoiosMatch15.2\(2\)e2

ciscoiosMatch15.2\(2\)e3

ciscoiosMatch15.2\(2\)e4

ciscoiosMatch15.2\(2\)e5

ciscoiosMatch15.2\(2\)e5a

ciscoiosMatch15.2\(2\)e5b

ciscoiosMatch15.2\(2\)e6

ciscoiosMatch15.2\(2\)e7

ciscoiosMatch15.2\(2\)e7b

ciscoiosMatch15.2\(2\)e8

ciscoiosMatch15.2\(2\)e9

ciscoiosMatch15.2\(2\)e9a

ciscoiosMatch15.2\(2\)e10

ciscoiosMatch15.2\(2b\)e

ciscoiosMatch15.2\(3\)e

ciscoiosMatch15.2\(3\)e1

ciscoiosMatch15.2\(3\)e2

ciscoiosMatch15.2\(3\)e3

ciscoiosMatch15.2\(3\)e4

ciscoiosMatch15.2\(3\)e5

ciscoiosMatch15.2\(4\)e

ciscoiosMatch15.2\(4\)e1

ciscoiosMatch15.2\(4\)e2

ciscoiosMatch15.2\(4\)e3

ciscoiosMatch15.2\(4\)e4

ciscoiosMatch15.2\(4\)e5

ciscoiosMatch15.2\(4\)e5a

ciscoiosMatch15.2\(4\)e6

ciscoiosMatch15.2\(4\)e7

ciscoiosMatch15.2\(4\)e8

ciscoiosMatch15.3\(3\)jpj

ciscoios_xeMatch3.2.0sg

ciscoios_xeMatch3.2.1sg

ciscoios_xeMatch3.2.2sg

ciscoios_xeMatch3.2.3sg

ciscoios_xeMatch3.2.4sg

ciscoios_xeMatch3.2.5sg

ciscoios_xeMatch3.2.6sg

ciscoios_xeMatch3.2.7sg

ciscoios_xeMatch3.2.8sg

ciscoios_xeMatch3.2.9sg

ciscoios_xeMatch3.2.10sg

ciscoios_xeMatch3.2.11sg

ciscoios_xeMatch3.3.0sg

ciscoios_xeMatch3.3.0xo

ciscoios_xeMatch3.3.1sg

ciscoios_xeMatch3.3.1xo

ciscoios_xeMatch3.3.2sg

ciscoios_xeMatch3.3.2xo

ciscoios_xeMatch3.4.0sg

ciscoios_xeMatch3.4.1sg

ciscoios_xeMatch3.4.2sg

ciscoios_xeMatch3.4.3sg

ciscoios_xeMatch3.4.4sg

ciscoios_xeMatch3.4.5sg

ciscoios_xeMatch3.4.6sg

ciscoios_xeMatch3.4.7sg

ciscoios_xeMatch3.4.8sg

ciscoios_xeMatch3.5.0e

ciscoios_xeMatch3.5.1e

ciscoios_xeMatch3.5.2e

ciscoios_xeMatch3.5.3e

ciscoios_xeMatch3.6.0be

ciscoios_xeMatch3.6.0e

ciscoios_xeMatch3.6.1e

ciscoios_xeMatch3.6.3e

ciscoios_xeMatch3.6.4e

ciscoios_xeMatch3.6.5ae

ciscoios_xeMatch3.6.5be

ciscoios_xeMatch3.6.5e

ciscoios_xeMatch3.6.6e

ciscoios_xeMatch3.6.7e

ciscoios_xeMatch3.6.8e

ciscoios_xeMatch3.6.9e

ciscoios_xeMatch3.6.10e

ciscoios_xeMatch3.7.0e

ciscoios_xeMatch3.7.1e

ciscoios_xeMatch3.7.2e

ciscoios_xeMatch3.7.3e

ciscoios_xeMatch3.8.0e

ciscoios_xeMatch3.8.1e

ciscoios_xeMatch3.8.2e

ciscoios_xeMatch3.8.3e

ciscoios_xeMatch3.8.4e

ciscoios_xeMatch3.8.5ae

ciscoios_xeMatch3.8.5e

ciscoios_xeMatch3.8.6e

ciscoios_xeMatch3.8.7e

ciscoios_xeMatch3.8.8e

ciscoios_xeMatch3.9.0e

ciscoios_xeMatch3.9.1e

ciscoios_xeMatch3.9.2be

ciscoios_xeMatch3.9.2e

ciscoios_xeMatch3.10.0ce

ciscoios_xeMatch3.10.0e

ciscoios_xeMatch3.10.1ae

ciscoios_xeMatch3.10.1e

ciscoios_xeMatch3.10.1se

ciscoios_xeMatch3.10.2e

AND

ciscocatalyst_4503-e

ciscocatalyst_4506-eMatch-

ciscocatalyst_4507r\+eMatch-

ciscocatalyst_4510r\+eMatch-

Node

oraclegoldengate_management_packMatch12.2.1.2.0

CPENameOperatorVersion
cisco:ioscisco ioseq12.2\(52\)sg
cisco:ioscisco ioseq12.2\(53\)sg1
cisco:ioscisco ioseq12.2\(53\)sg2
cisco:ioscisco ioseq12.2\(53\)sg3
cisco:ioscisco ioseq12.2\(53\)sg4
cisco:ioscisco ioseq12.2\(53\)sg5
cisco:ioscisco ioseq12.2\(53\)sg6
cisco:ioscisco ioseq12.2\(53\)sg7
cisco:ioscisco ioseq12.2\(53\)sg8
cisco:ioscisco ioseq12.2\(53\)sg9

CPE	Name	Operator	Version
cisco:ios	cisco ios	eq	12.2\(52\)sg
cisco:ios	cisco ios	eq	12.2\(53\)sg1
cisco:ios	cisco ios	eq	12.2\(53\)sg2
cisco:ios	cisco ios	eq	12.2\(53\)sg3
cisco:ios	cisco ios	eq	12.2\(53\)sg4
cisco:ios	cisco ios	eq	12.2\(53\)sg5
cisco:ios	cisco ios	eq	12.2\(53\)sg6
cisco:ios	cisco ios	eq	12.2\(53\)sg7
cisco:ios	cisco ios	eq	12.2\(53\)sg8
cisco:ios	cisco ios	eq	12.2\(53\)sg9

Rows per page:

1-10 of 1501

CNA Affected

[
  {
    "product": "Cisco IOS 12.2(53)SG1",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-USxSyTk5

www.oracle.com/security-alerts/cpuoct2020.html

6.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:N/A:C

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.8%

JSON

Related for CVE-2020-3235

nvd1 nessus2 prion1 cvelist1 cisco1 oracle1