CVE-2020-3225 — Improper Input Validation in Cisco IOS 12.2 SE

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.6HIGHNVD

EPSS

1.0%

top 22.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS 12.2 SE Cisco IOS Cisco IOS XE

Timeline

PublishedJun 3

Latest updateMay 24

Description

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to insufficient input processing of CIP traffic. An attacker could exploit these vulnerabilities by sending crafted CIP traffic to be processed by an affected device. A successful exploit coul…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages3 packages

▶NVDcisco/ios244 versions+243

▶NVDcisco/ios_xe34 versions+33

▶CVEListV5cisco/cisco_ios_12.2_sen/a

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-h6c9-q6x7-9r7w: Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could a↗2022-05-24

▶

CVEList

Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities↗2020-06-03

▶

📋Vendor Advisories

Cisco

Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities↗2020-06-03

▶