CVE-2020-3244

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.4%

top 38.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Staros Cisco Cisco ASR 5000 Series Software

Timeline

PublishedJun 18

Latest updateMay 24

Description

A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to by…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5cisco/cisco_asr_5000_series_softwaren/a

▶NVDcisco/staros< 21.18.0

🔴Vulnerability Details

GHSA

GHSA-mp76-mqjp-pxx7: A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthentica↗2022-05-24

▶

CVEList

Cisco ASR 5000 Series Aggregation Services Routers Enhanced Charging Service Rule Bypass Vulnerability↗2020-06-18

▶

📋Vendor Advisories

Cisco

Cisco ASR 5000 Series Aggregation Services Routers Enhanced Charging Service Rule Bypass Vulnerability↗2020-06-17

▶