CVE-2020-3567Improper Input Validation in Cisco Industrial Network Director

CWE-20Improper Input ValidationCWE-787Out-of-bounds Write5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 41.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Industrial Network DirectorCisco Industrial Network DirectorCisco Network Level Service
Timeline
PublishedOct 8
Latest updateMay 24

Description

A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of requests sent to the REST API. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to cause a perma

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDcisco/network_level_service1.8\(0.142\), 1.9\(0.63\)+1

🔴Vulnerability Details

2
GHSA
GHSA-5vp7-f4x6-7r58: A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU u2022-05-24
CVEList
Cisco Industrial Network Director Denial of Service Vulnerability2020-10-08

📋Vendor Advisories

2
Red Hat
caribou: segfault on pressing ē since Xorg CVE-2020-25712 fix2021-01-13
Cisco
Cisco Industrial Network Director Denial of Service Vulnerability2020-10-07
CVE-2020-3567 — Improper Input Validation in Cisco | cvebase