Severity
7.4 HIGH (NVD)
EPSS
0.1%
top 72.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 24
Latest update: May 24

Description

A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted PROFINET packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted PROFINET packets to an affected device for processing. A succ

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 4.0

Affected Packages (3 packages)

NVD | cisco/ios | 15.2(7)e, 16.11.1a +1
NVD | cisco/ios_xe | 15.2(7)e, 16.11.1a +1
CVEListV5 | cisco/cisco_ios | n/a

🔴 Vulnerability Details (2)

GHSA (2022-05-24)
GHSA-v4cp-84g9-jwmp: A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an
CVEList (2020-09-24)
Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability

📋 Vendor Advisories (3)

Microsoft (2021-03-09)
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation cod
Red Hat (2020-12-28)
QEMU: sdhci: incomplete fix for CVE-2020-17380/CVE-2020-25085
Cisco (2020-09-24)
Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability
CVE-2020-3409 — Improper Input Validation in Cisco IOS | cvebase