CVE-2020-3527 — Improper Input Validation in Cisco IOS XE

CWE-20 — Improper Input Validation CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

8.6HIGHNVD

EPSS

0.7%

top 28.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Cisco IOS XE Software

Timeline

PublishedSep 24

Latest updateMay 24

Description

A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames or frames larger than the configured MTU size to the management interface of this device. A successful exploit could allow the attacker to crash the device fully before an automatic recovery.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

▶NVDcisco/ios_xe16.9.0 — 16.9.5+1

▶CVEListV5cisco/cisco_ios_xe_softwaren/a

🔴Vulnerability Details

GHSA

GHSA-wq7w-fc8m-6mr2: A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device↗2022-05-24

▶

CVEList

Cisco Catalyst 9200 Series Switches Jumbo Frame Denial of Service Vulnerability↗2020-09-24

▶

📋Vendor Advisories

Cisco

Cisco Catalyst 9200 Series Switches Jumbo Frame Denial of Service Vulnerability↗2020-09-24

▶