CVE-2020-3230Improper Input Validation in Cisco IOS 15.1 T

CWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGHNVD
EPSS
2.0%
top 16.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco IOS 15.1 TCisco IOSCisco IOS XE
Timeline
PublishedJun 3
Latest updateMay 24

Description

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. The vulnerability is due to incorrect handling of crafted IKEv2 SA-Init packets. An attacker could exploit this vulnerability by sending crafted IKEv2 SA-Init packets to the affected device. An exploit could allow the attacker to cause the affected device to reach

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDcisco/ios528 versions+527
NVDcisco/ios_xe264 versions+263
CVEListV5cisco/cisco_ios_15.1_tn/a

🔴Vulnerability Details

2
GHSA
GHSA-wv34-jmmf-4486: A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthent2022-05-24
CVEList
Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability2020-06-03

📋Vendor Advisories

1
Cisco
Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability2020-06-03
CVE-2020-3230 — Improper Input Validation in Cisco | cvebase