CVE-2020-3205 — Improper Input Validation in Cisco IOS 12.2 Ez16

CWE-20 — Improper Input Validation CWE-78 — OS Command Injection4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 41.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS 12.2 Ez16 Cisco IOS

Timeline

PublishedJun 3

Latest updateMay 24

Description

A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerab…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/ios91 versions+90

▶CVEListV5cisco/cisco_ios_12.2_ez16n/a

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-mx43-m6xq-87pq: A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Indu↗2022-05-24

▶

CVEList

Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability↗2020-06-03

▶

📋Vendor Advisories

Cisco

Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability↗2020-06-03

▶