Severity
7.7 HIGH (NVD)
EPSS
0.3%
top 45.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 3
Latest update: May 24

Description

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition withi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.1 | Impact: 4.0

Affected Packages (3 packages)

NVD: cisco/ios, 909 versions (+908)
NVD: cisco/ios_xe, 289 versions (+288)

Patches

🔴Vulnerability Details

2
GHSA
GHSA-m29x-vp4p-2wvp: A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to (2022-05-24)
CVEList
Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability (2020-06-03)

📋Vendor Advisories

11
Red Hat
libsolv: Heap overflow (2022-02-21)
CVE-2020-3200 — Interpretation Conflict in Cisco | cvebase