CVE-2020-3480Improper Check for Unusual or Exceptional Conditions in Cisco IOS XE Software

CWE-754Improper Check for Unusual or Exceptional Conditions4 documents4 sources
Severity
8.6HIGHNVD
EPSS
1.2%
top 21.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE Software
Timeline
PublishedSep 24
Latest updateMay 24

Description

Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or s

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-j8wq-qrfv-42q5: Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the devi2022-05-24
CVEList
Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities2020-09-24

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities2020-09-24
CVE-2020-3480 — Cisco IOS XE Software vulnerability | cvebase