CVE-2020-3198Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS 12.2 Ez16

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-787Out-of-bounds Write4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
9.3%
top 7.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS 12.2 Ez16Cisco IOS
Timeline
PublishedJun 3
Latest updateMay 24

Description

Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDcisco/ios83 versions+82

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-xrh6-v283-w8g7: Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Co2022-05-24
CVEList
Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities2020-06-03

📋Vendor Advisories

1
Cisco
Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities2020-06-03
CVE-2020-3198 — Cisco IOS 12.2 Ez16 vulnerability | cvebase