CVE-2020-3511Improper Input Validation in Cisco IOS

CWE-20Improper Input Validation4 documents4 sources
Severity
7.4HIGHNVD
EPSS
0.1%
top 72.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedSep 24
Latest updateMay 24

Description

A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the ISDN Q.931 messages are processed. An attacker could exploit this vulnerability by sending a malicious ISDN Q.931 message to an affected device. A successful exploit could allow the attacker to cause the pr

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages2 packages

NVDcisco/ios_xe15.1\(4\)m
CVEListV5cisco/cisco_iosn/a

🔴Vulnerability Details

2
GHSA
GHSA-p84p-mg49-xwvx: A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a rel2022-05-24
CVEList
Cisco IOS and IOS XE Software ISDN Q.931 Denial of Service Vulnerability2020-09-24

📋Vendor Advisories

1
Cisco
Cisco IOS and IOS XE Software ISDN Q.931 Denial of Service Vulnerability2020-09-24
CVE-2020-3511 — Improper Input Validation in Cisco IOS | cvebase