CVE-2020-3232 — Cisco ASR 920 Series Aggregation Services Router vulnerability

CWE-194 documents4 sources

Severity

7.7HIGHNVD

EPSS

0.3%

top 44.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco ASR 920 Series Aggregation Services Router Cisco IOS XE

Timeline

PublishedJun 3

Latest updateMay 24

Description

A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of data that is returned for Cisco Discovery Protocol queries to SNMP. An attacker could exploit this vulnerability by sending a request for Cisco Discovery Protocol information by using SNMP. An exploit could allow the att…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 3.1 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5cisco/cisco_asr_920_series_aggregation_services_routern/a

▶NVDcisco/ios_xe57 versions+56

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-jg2q-fxw2-f6wc: A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-↗2022-05-24

▶

CVEList

Cisco ASR 920 Series Aggregation Services Router Model 12SZ-IM SNMP Denial of Service Vulnerability↗2020-06-03

▶

📋Vendor Advisories

Cisco

Cisco ASR 920 Series Aggregation Services Router Model 12SZ-IM SNMP Denial of Service Vulnerability↗2020-06-03

▶