Lucene search

CiscoCVELIST:CVE-2020-3465

HistorySep 24, 2020 - 5:53 p.m.

CVE-2020-3465 Cisco IOS XE Software Ethernet Frame Denial of Service Vulnerability

2020-09-2417:53:07

CWE-20

cisco

www.cve.org

cisco

ios xe software

ethernet frame

denial of service

vulnerability

unauthenticated

adjacent attacker

device reload

incorrect handling

ethernet frames

exploit

CVSS3

7.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

25.0%

JSON

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames onto the Ethernet segment. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

CNA Affected

[
  {
    "product": "Cisco IOS XE Software 16.8.1",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-le-drTOB625

CVSS3

7.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

25.0%

JSON

Related for CVELIST:CVE-2020-3465