CVE-2020-3235 — Range Error in Cisco IOS 12.2 SG1

CWE-118 — Range Error CWE-20 — Improper Input Validation6 documents6 sources

Severity

7.7HIGHNVD

EPSS

0.3%

top 47.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS 12.2 SG1 Cisco IOS Cisco IOS XE +1 more

Timeline

PublishedJun 3

Latest updateMay 24

Description

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allo…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 3.1 | Impact: 4.0

Affected Packages4 packages

▶NVDcisco/ios82 versions+81

▶NVDcisco/ios_xe68 versions+67

▶CVEListV5cisco/cisco_ios_12.2_sg1n/a

▶NVDoracle/goldengate_management_pack12.2.1.2.0

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-mwgg-45mm-wcjm: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Swi↗2022-05-24

▶

CVEList

Cisco IOS and IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability↗2020-06-03

▶

📋Vendor Advisories

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Monitor (SNMP) — CVE-2020-3235↗2020-10-15

▶

Cisco

Cisco IOS and IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability↗2020-06-03

▶

💬Community

Bugzilla

CVE-2020-12439 grin: allows attackers to adversely affect availability of data on a Mimblewimble blockchain↗2020-06-18

▶