Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-3199 (GCVE-0-2020-3199)
Vulnerability from cvelistv5 – Published: 2020-06-03 17:45 – Updated: 2024-11-15 17:13
VLAI?
EPSS
Title
Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities
Summary
Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.1 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS 12.2(60)EZ16 |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:28:06.707695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:13:03.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS 12.2(60)EZ16",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-03T17:45:18.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
}
],
"source": {
"advisory": "cisco-sa-ios-iot-gos-vuln-s9qS8kYL",
"defect": [
[
"CSCvq68872",
"CSCvr15042"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-06-03T16:00:00",
"ID": "CVE-2020-3199",
"STATE": "PUBLIC",
"TITLE": "Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS 12.2(60)EZ16",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.1",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
}
]
},
"source": {
"advisory": "cisco-sa-ios-iot-gos-vuln-s9qS8kYL",
"defect": [
[
"CSCvq68872",
"CSCvr15042"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3199",
"datePublished": "2020-06-03T17:45:18.614Z",
"dateReserved": "2019-12-12T00:00:00.000Z",
"dateUpdated": "2024-11-15T17:13:03.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL\", \"name\": \"20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T07:24:00.919Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-3199\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-15T16:28:06.707695Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-15T16:28:40.565Z\"}}], \"cna\": {\"title\": \"Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities\", \"source\": {\"defect\": [[\"CSCvq68872\", \"CSCvr15042\"]], \"advisory\": \"cisco-sa-ios-iot-gos-vuln-s9qS8kYL\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 8.1, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IOS 12.2(60)EZ16\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.\"}], \"datePublic\": \"2020-06-03T00:00:00.000Z\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL\", \"name\": \"20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2020-06-03T17:45:18.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"8.1\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\"}}, \"source\": {\"defect\": [[\"CSCvq68872\", \"CSCvr15042\"]], \"advisory\": \"cisco-sa-ios-iot-gos-vuln-s9qS8kYL\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco IOS 12.2(60)EZ16\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL\", \"name\": \"20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-20\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-3199\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2020-06-03T16:00:00\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2020-3199\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-15T17:13:03.613Z\", \"dateReserved\": \"2019-12-12T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2020-06-03T17:45:18.614Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2020-3199
Vulnerability from fkie_nvd - Published: 2020-06-03 18:15 - Updated: 2024-11-21 05:30
Severity ?
Summary
Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios | 12.2\(60\)ez16 | |
| cisco | ios | 15.0\(2\)sg11a | |
| cisco | ios | 15.3\(3\)jaa1 | |
| cisco | ios | 15.3\(3\)jpj | |
| cisco | ios | 15.4\(1\)cg | |
| cisco | ios | 15.4\(2\)cg | |
| cisco | ios | 15.4\(3\)m | |
| cisco | ios | 15.4\(3\)m1 | |
| cisco | ios | 15.4\(3\)m2 | |
| cisco | ios | 15.4\(3\)m3 | |
| cisco | ios | 15.4\(3\)m4 | |
| cisco | ios | 15.4\(3\)m5 | |
| cisco | ios | 15.4\(3\)m6 | |
| cisco | ios | 15.4\(3\)m6a | |
| cisco | ios | 15.4\(3\)m7 | |
| cisco | ios | 15.4\(3\)m8 | |
| cisco | ios | 15.4\(3\)m9 | |
| cisco | ios | 15.4\(3\)m10 | |
| cisco | ios | 15.5\(1\)t | |
| cisco | ios | 15.5\(1\)t2 | |
| cisco | ios | 15.5\(1\)t3 | |
| cisco | ios | 15.5\(1\)t4 | |
| cisco | ios | 15.5\(2\)t | |
| cisco | ios | 15.5\(2\)t1 | |
| cisco | ios | 15.5\(2\)t2 | |
| cisco | ios | 15.5\(2\)t3 | |
| cisco | ios | 15.5\(2\)t4 | |
| cisco | ios | 15.5\(3\)m | |
| cisco | ios | 15.5\(3\)m0a | |
| cisco | ios | 15.5\(3\)m1 | |
| cisco | ios | 15.5\(3\)m2 | |
| cisco | ios | 15.5\(3\)m2a | |
| cisco | ios | 15.5\(3\)m3 | |
| cisco | ios | 15.5\(3\)m4 | |
| cisco | ios | 15.5\(3\)m4a | |
| cisco | ios | 15.5\(3\)m5 | |
| cisco | ios | 15.5\(3\)m6 | |
| cisco | ios | 15.5\(3\)m6a | |
| cisco | ios | 15.5\(3\)m7 | |
| cisco | ios | 15.5\(3\)m8 | |
| cisco | ios | 15.5\(3\)m9 | |
| cisco | ios | 15.5\(3\)m10 | |
| cisco | ios | 15.5\(3\)m11 | |
| cisco | ios | 15.6\(1\)t | |
| cisco | ios | 15.6\(1\)t0a | |
| cisco | ios | 15.6\(1\)t1 | |
| cisco | ios | 15.6\(1\)t2 | |
| cisco | ios | 15.6\(1\)t3 | |
| cisco | ios | 15.6\(2\)t | |
| cisco | ios | 15.6\(2\)t1 | |
| cisco | ios | 15.6\(2\)t2 | |
| cisco | ios | 15.6\(2\)t3 | |
| cisco | ios | 15.6\(3\)m | |
| cisco | ios | 15.6\(3\)m0a | |
| cisco | ios | 15.6\(3\)m1 | |
| cisco | ios | 15.6\(3\)m1b | |
| cisco | ios | 15.6\(3\)m2 | |
| cisco | ios | 15.6\(3\)m3 | |
| cisco | ios | 15.6\(3\)m3a | |
| cisco | ios | 15.6\(3\)m4 | |
| cisco | ios | 15.6\(3\)m5 | |
| cisco | ios | 15.6\(3\)m6 | |
| cisco | ios | 15.6\(3\)m6a | |
| cisco | ios | 15.6\(3\)m6b | |
| cisco | ios | 15.6\(3\)m7 | |
| cisco | ios | 15.6\(3\)m8 | |
| cisco | ios | 15.6\(3\)m9 | |
| cisco | ios | 15.7\(3\)m | |
| cisco | ios | 15.7\(3\)m1 | |
| cisco | ios | 15.7\(3\)m2 | |
| cisco | ios | 15.7\(3\)m3 | |
| cisco | ios | 15.7\(3\)m4 | |
| cisco | ios | 15.7\(3\)m4a | |
| cisco | ios | 15.7\(3\)m4b | |
| cisco | ios | 15.7\(3\)m5 | |
| cisco | ios | 15.7\(3\)m6 | |
| cisco | ios | 15.7\(3\)m7 | |
| cisco | ios | 15.8\(3\)m | |
| cisco | ios | 15.8\(3\)m0a | |
| cisco | ios | 15.8\(3\)m1 | |
| cisco | ios | 15.8\(3\)m2 | |
| cisco | ios | 15.8\(3\)m2a | |
| cisco | ios | 15.8\(3\)m3 | |
| cisco | ios | 15.8\(3\)m3a | |
| cisco | ios | 15.8\(3\)m3b | |
| cisco | ios | 15.8\(3\)m4 | |
| cisco | ios | 15.8\(3\)m5 | |
| cisco | ios | 15.9\(3\)m | |
| cisco | ios | 15.9\(3\)m0a | |
| cisco | 1120 | - | |
| cisco | 1240 | - | |
| cisco | 809 | - | |
| cisco | 829 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:12.2\\(60\\)ez16:*:*:*:*:*:*:*",
"matchCriteriaId": "C2950C7F-EEB9-4956-937D-CD978AAC2E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.0\\(2\\)sg11a:*:*:*:*:*:*:*",
"matchCriteriaId": "AAAC6B58-6FC4-459B-9663-4FDC6A6F8DE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jaa1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAE1AD0D-C3E9-488C-89CB-F2342CF6D5A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jpj:*:*:*:*:*:*:*",
"matchCriteriaId": "2F69B4F2-4A03-4383-8958-11EE154A7350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(1\\)cg:*:*:*:*:*:*:*",
"matchCriteriaId": "D962FBA3-CE59-401B-9451-45001775BA66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(2\\)cg:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8E0069-21AB-497F-9F4C-6F7C041BA0E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "1C85BAAF-819B-40E7-9099-04AA8D9AB114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED684DB4-527A-4268-B197-4719B0178429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m2:*:*:*:*:*:*:*",
"matchCriteriaId": "88F41406-0F55-4D74-A4F6-4ABD5A803907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m3:*:*:*:*:*:*:*",
"matchCriteriaId": "7082C083-7517-4CD4-BF95-CC7AF08D4053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m4:*:*:*:*:*:*:*",
"matchCriteriaId": "370EF3DC-151F-4724-A026-3AD8ED6D801C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m5:*:*:*:*:*:*:*",
"matchCriteriaId": "2B8FB86F-2A89-413B-BED7-97E3D392804E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m6:*:*:*:*:*:*:*",
"matchCriteriaId": "005EAD76-34BE-4E3F-8840-23F613661FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m6a:*:*:*:*:*:*:*",
"matchCriteriaId": "2595B3E3-7FD4-4EFF-98A2-89156A657A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m7:*:*:*:*:*:*:*",
"matchCriteriaId": "FB998A1F-BAEA-4B8F-BE49-1C282ED3952E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m8:*:*:*:*:*:*:*",
"matchCriteriaId": "8AABDAB3-6329-48CF-BB49-DA2046AB9048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m9:*:*:*:*:*:*:*",
"matchCriteriaId": "C96E41FF-DD4B-4D55-8C96-248C9A15226B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m10:*:*:*:*:*:*:*",
"matchCriteriaId": "64F7ACB5-4FE5-4B07-8B4D-28DF8D655199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t:*:*:*:*:*:*:*",
"matchCriteriaId": "59F21FEC-A536-45CB-9AE5-61CE45EAD1B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t2:*:*:*:*:*:*:*",
"matchCriteriaId": "6994F100-864F-4512-9141-F7D1050F9DD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t3:*:*:*:*:*:*:*",
"matchCriteriaId": "FC0CC364-FF3A-4FB3-8004-6628400BC7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t4:*:*:*:*:*:*:*",
"matchCriteriaId": "67A1BC08-28AF-4583-BE21-0D85CA2D7B6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4E00DF-60FD-48F2-A69A-D709A5657F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F5D3761-16C8-413A-89AD-C076B9B92FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t2:*:*:*:*:*:*:*",
"matchCriteriaId": "F690BEC9-FAE9-4C02-9993-34BF14FA99EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t3:*:*:*:*:*:*:*",
"matchCriteriaId": "2BEA314F-8C89-4D6C-A6B6-3E9247A35B7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B8565B-3EE6-48DC-AE92-9F16AFFC509C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "716EC9AA-0569-4FA7-A244-1A14FA15C5AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m0a:*:*:*:*:*:*:*",
"matchCriteriaId": "39166A66-859D-43A7-9947-3F3C32FBFAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m1:*:*:*:*:*:*:*",
"matchCriteriaId": "097D1950-6159-45A2-8653-D3F90044D0C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m2:*:*:*:*:*:*:*",
"matchCriteriaId": "F421AC3C-B0BC-4177-ACDB-87792C1636EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m2a:*:*:*:*:*:*:*",
"matchCriteriaId": "EA965B88-3464-4320-B9C4-594C49C9C0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m3:*:*:*:*:*:*:*",
"matchCriteriaId": "09CD336D-1110-4B0C-B8D4-7C96293CBADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m4:*:*:*:*:*:*:*",
"matchCriteriaId": "47C580D9-A2EC-4CBB-87F5-1F5CBA23F73F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m4a:*:*:*:*:*:*:*",
"matchCriteriaId": "3C427BA8-3A8C-4934-997B-6DDF9CEB96AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m5:*:*:*:*:*:*:*",
"matchCriteriaId": "C7809674-4738-463E-B522-FC6C419E2A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m6:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD51F00-C219-439F-918E-9AF20A6E053A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m6a:*:*:*:*:*:*:*",
"matchCriteriaId": "57BCB671-7ED0-43D5-894F-8B3DBF44E68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m7:*:*:*:*:*:*:*",
"matchCriteriaId": "D4802BC7-F326-4F6E-9C74-04032FF35FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m8:*:*:*:*:*:*:*",
"matchCriteriaId": "DEDE3BCF-B518-47B0-BD3B-0B75515771E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m9:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5C9BF5-0C29-4B50-9A86-29F0ECD44F1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m10:*:*:*:*:*:*:*",
"matchCriteriaId": "B1B0621A-D7A2-415B-91ED-674F2FB4227B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m11:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9D7FDD-8CE6-4E83-A186-734BC5546E35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t:*:*:*:*:*:*:*",
"matchCriteriaId": "5E25B3DC-B9A7-4DFC-8566-3F790F460DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t0a:*:*:*:*:*:*:*",
"matchCriteriaId": "679DCA8C-F64B-4716-BCC9-9C461A89CB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF662E36-0831-4892-850F-844B0E0B54DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E71F49D-E405-4AB4-9188-DA7B338DFD7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t3:*:*:*:*:*:*:*",
"matchCriteriaId": "204B0A52-F6AB-406B-B46D-E92F2D7D87F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t:*:*:*:*:*:*:*",
"matchCriteriaId": "09578DDF-5D13-47C1-9BD1-A1A8B9B0C87D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBF8B70-DFBE-4F6E-83F0-171F03E97606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t2:*:*:*:*:*:*:*",
"matchCriteriaId": "CA55D660-66C6-4278-8C27-25DB2712CC1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t3:*:*:*:*:*:*:*",
"matchCriteriaId": "5609B342-D98E-4850-A0FE-810699A80A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "8320F23D-F6BE-405B-B645-1CEB984E8267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m0a:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE2670E-8C17-448D-A5BD-5A4FBCAEC35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C5C705-6A8C-4834-9D24-CFE26A232C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1b:*:*:*:*:*:*:*",
"matchCriteriaId": "CC270E40-CABA-44B4-B4DD-E9C47A97770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1DB8C1-7F7D-4562-A317-87E925CAD524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB2645F-C3BF-458F-9D07-6D66E1953730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2303A3-CAF1-4DBA-BB6E-F205C23DCE6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m4:*:*:*:*:*:*:*",
"matchCriteriaId": "686FD45C-7722-4D98-A6D7-C36CAC56A4AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m5:*:*:*:*:*:*:*",
"matchCriteriaId": "871E33AC-B469-47BA-9317-DC9E3E9BF5C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4091CAC-BFAA-404C-A827-4DA9EADDF621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6a:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DA9FCA-4166-4084-96AF-E82CC4A4DB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6b:*:*:*:*:*:*:*",
"matchCriteriaId": "369A99E0-3451-41D1-8C56-5352EA689950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m7:*:*:*:*:*:*:*",
"matchCriteriaId": "33D4A7FA-E4E0-49C2-97FD-A547A1612F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m8:*:*:*:*:*:*:*",
"matchCriteriaId": "DA0B918F-A28C-4B5A-A566-6E588B4F6696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m9:*:*:*:*:*:*:*",
"matchCriteriaId": "436114F2-D906-4469-99C4-10B75253B3D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "9C8A00BF-4522-467B-A96E-5C33623DCA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m1:*:*:*:*:*:*:*",
"matchCriteriaId": "47C106CF-CBD3-4630-8E77-EDB1643F97E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DB7943-5CE1-44F6-B093-5EA65BF71A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m3:*:*:*:*:*:*:*",
"matchCriteriaId": "64404B00-4956-47B8-ACDB-88E365E97212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE6A696-5CBC-4552-A54E-55C21BC74D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4a:*:*:*:*:*:*:*",
"matchCriteriaId": "41237041-1D82-4C6C-BF48-ECEDF9DB08C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4b:*:*:*:*:*:*:*",
"matchCriteriaId": "CAB72CA3-088E-4EFE-BE1C-190C64101851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m5:*:*:*:*:*:*:*",
"matchCriteriaId": "FA584AC4-96AB-4026-84DF-F44F3B97F7E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m6:*:*:*:*:*:*:*",
"matchCriteriaId": "22EB41FD-4DE2-4753-A18C-C877B81B51D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m7:*:*:*:*:*:*:*",
"matchCriteriaId": "158EDE62-04C9-471B-B243-309D49583E67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "5A58C01B-459E-432F-A49F-68EC45EE6E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m0a:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DFE673-9A5E-4369-A7BB-3DE7F8E503C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m1:*:*:*:*:*:*:*",
"matchCriteriaId": "56AD5BA0-4D08-4A92-88BE-60AF29BC35CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2:*:*:*:*:*:*:*",
"matchCriteriaId": "198FF520-7631-49D9-B8A8-2E64F6237CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2a:*:*:*:*:*:*:*",
"matchCriteriaId": "94E067E8-552B-4691-9F6A-C5E8766287BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4162EC-90DE-4194-8ABC-55CCB8C24FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3a:*:*:*:*:*:*:*",
"matchCriteriaId": "405CC56E-574F-4983-B492-C8811FAF06E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3b:*:*:*:*:*:*:*",
"matchCriteriaId": "B1829074-66F9-4B3B-A084-B88D838CFC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m4:*:*:*:*:*:*:*",
"matchCriteriaId": "6715A135-61A7-4E56-948D-8A8D5F7C98C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m5:*:*:*:*:*:*:*",
"matchCriteriaId": "4C836C26-DBC1-42CB-9B73-9F248D4F2B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "EEFE8A85-7F63-4E4C-A3FE-7B7E27AD1DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m0a:*:*:*:*:*:*:*",
"matchCriteriaId": "0807458A-2453-4575-AE19-0DE15E04B88C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:1120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2D64BDE-0D00-4FBE-873B-F5D52AD0C5A2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0502FCFE-B123-422C-AC43-05260B4E952C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:809:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D5AB946-818F-44CF-864E-F24ACC999A2D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:829:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0606E8E-0E89-4DE9-8389-60D9DDAC30B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en el entorno de aplicaci\u00f3n en Cisco IOx de Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000) que ejecuta Cisco IOS Software, podr\u00edan permitir a un atacante causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) o ejecutar c\u00f3digo arbitrario con privilegios elevados en un dispositivo afectado. Para mayor informaci\u00f3n sobre estas vulnerabilidades, ver la secci\u00f3n de Detalles de este aviso."
}
],
"id": "CVE-2020-3199",
"lastModified": "2024-11-21T05:30:32.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "psirt@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-03T18:15:17.027",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2020-3199
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-3199",
"description": "Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
"id": "GSD-2020-3199"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-3199"
],
"details": "Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
"id": "GSD-2020-3199",
"modified": "2023-12-13T01:22:09.560503Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-06-03T16:00:00",
"ID": "CVE-2020-3199",
"STATE": "PUBLIC",
"TITLE": "Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS 12.2(60)EZ16",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "8.1",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
}
]
},
"source": {
"advisory": "cisco-sa-ios-iot-gos-vuln-s9qS8kYL",
"defect": [
[
"CSCvq68872",
"CSCvr15042"
]
],
"discovery": "INTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:12.2\\(60\\)ez16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.0\\(2\\)sg11a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jaa1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.3\\(3\\)jpj:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(1\\)cg:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(2\\)cg:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m6a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.4\\(3\\)m10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(1\\)t4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(2\\)t4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m0a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m2a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m4a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m6a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.5\\(3\\)m11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t0a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m0a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m0a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m0a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:1120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:809:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:829:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2020-3199"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200603 Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities",
"refsource": "CISCO",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-10-26T16:32Z",
"publishedDate": "2020-06-03T18:15Z"
}
}
}
CVE-2020-3199
Vulnerability from fstec - Published: 03.06.2020
VLAI Severity ?
Title
Уязвимость программной платформы IOx операционной системы Cisco IOS, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код или вызвать отказ в обслуживании
Description
Уязвимость программной платформы IOx операционной системы Cisco IOS связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии и выполнить произвольный код или вызвать отказ в обслуживании
Severity ?
Vendor
Cisco Systems Inc.
Software Name
Cisco IOS
Software Version
15.6(1)T0a (Cisco IOS), 15.5(3)M (Cisco IOS), 15.5(1)T (Cisco IOS), 15.5(2)T (Cisco IOS), 15.5(1)T3 (Cisco IOS), 15.5(2)T1 (Cisco IOS), 15.5(2)T2 (Cisco IOS), 15.5(2)T3 (Cisco IOS), 15.5(2)T4 (Cisco IOS), 15.5(1)T4 (Cisco IOS), 15.5(3)M1 (Cisco IOS), 15.5(3)M0a (Cisco IOS), 15.5(3)M2 (Cisco IOS), 15.5(3)M3 (Cisco IOS), 15.5(3)M4 (Cisco IOS), 15.5(3)M4a (Cisco IOS), 15.5(3)M5 (Cisco IOS), 15.5(3)M6 (Cisco IOS), 15.5(3)M6a (Cisco IOS), 15.6(1)T (Cisco IOS), 15.6(2)T (Cisco IOS), 15.6(1)T1 (Cisco IOS), 15.6(2)T1 (Cisco IOS), 15.6(1)T2 (Cisco IOS), 15.6(2)T2 (Cisco IOS), 15.6(1)T3 (Cisco IOS), 15.6(2)T3 (Cisco IOS), 15.6(3)M (Cisco IOS), 15.6(3)M1 (Cisco IOS), 15.6(3)M0a (Cisco IOS), 15.6(3)M1b (Cisco IOS), 15.6(3)M2 (Cisco IOS), 15.6(3)M3 (Cisco IOS), 15.6(3)M3a (Cisco IOS), 15.7(3)M (Cisco IOS), 15.3(3)JAA1 (Cisco IOS), 15.5(1)T2 (Cisco IOS), 15.4(3)M6a (Cisco IOS), 15.4(3)M7 (Cisco IOS), 15.4(3)M6 (Cisco IOS), 15.4(3)M5 (Cisco IOS), 15.4(3)M4 (Cisco IOS), 15.6(3)M6 (Cisco IOS), 15.7(3)M3 (Cisco IOS), 15.8(3)M (Cisco IOS), 15.8(3)M0a (Cisco IOS), 15.5(3)M2a (Cisco IOS), 15.4(3)M (Cisco IOS), 15.4(3)M1 (Cisco IOS), 15.4(3)M2 (Cisco IOS), 15.4(3)M3 (Cisco IOS), 15.4(3)M7a (Cisco IOS), 15.4(3)M8 (Cisco IOS), 15.4(3)M9 (Cisco IOS), 15.4(3)M10 (Cisco IOS), 15.5(3)M7 (Cisco IOS), 15.5(3)M8 (Cisco IOS), 15.6(3)M4 (Cisco IOS), 15.6(3)M5 (Cisco IOS), 15.7(3)M1 (Cisco IOS), 15.7(3)M2 (Cisco IOS), 15.4(1)CG (Cisco IOS), 15.4(2)CG (Cisco IOS), 12.2(60)EZ16 (Cisco IOS), 15.0(2)SG11a (Cisco IOS), 15.5(3)M9 (Cisco IOS), 15.5(3)M10 (Cisco IOS), 15.5(3)M11 (Cisco IOS), 15.6(3)M7 (Cisco IOS), 15.6(3)M6a (Cisco IOS), 15.6(3)M6b (Cisco IOS), 15.6(3)M8 (Cisco IOS), 15.6(3)M9 (Cisco IOS), 15.7(3)M4 (Cisco IOS), 15.7(3)M5 (Cisco IOS), 15.7(3)M4a (Cisco IOS), 15.7(3)M4b (Cisco IOS), 15.7(3)M6 (Cisco IOS), 15.7(3)M7 (Cisco IOS), 15.8(3)M1 (Cisco IOS), 15.8(3)M2 (Cisco IOS), 15.8(3)M3 (Cisco IOS), 15.8(3)M2a (Cisco IOS), 15.8(3)M4 (Cisco IOS), 15.8(3)M3a (Cisco IOS), 15.8(3)M3b (Cisco IOS), 15.8(3)M5 (Cisco IOS), 15.9(3)M (Cisco IOS), 15.9(3)M0a (Cisco IOS), 15.3(3)JPJ (Cisco IOS)
Possible Mitigations
Использование рекомендаций:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL
Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL
https://nvd.nist.gov/vuln/detail/CVE-2020-3199
CWE
CWE-20
{
"CVSS 2.0": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "15.6(1)T0a (Cisco IOS), 15.5(3)M (Cisco IOS), 15.5(1)T (Cisco IOS), 15.5(2)T (Cisco IOS), 15.5(1)T3 (Cisco IOS), 15.5(2)T1 (Cisco IOS), 15.5(2)T2 (Cisco IOS), 15.5(2)T3 (Cisco IOS), 15.5(2)T4 (Cisco IOS), 15.5(1)T4 (Cisco IOS), 15.5(3)M1 (Cisco IOS), 15.5(3)M0a (Cisco IOS), 15.5(3)M2 (Cisco IOS), 15.5(3)M3 (Cisco IOS), 15.5(3)M4 (Cisco IOS), 15.5(3)M4a (Cisco IOS), 15.5(3)M5 (Cisco IOS), 15.5(3)M6 (Cisco IOS), 15.5(3)M6a (Cisco IOS), 15.6(1)T (Cisco IOS), 15.6(2)T (Cisco IOS), 15.6(1)T1 (Cisco IOS), 15.6(2)T1 (Cisco IOS), 15.6(1)T2 (Cisco IOS), 15.6(2)T2 (Cisco IOS), 15.6(1)T3 (Cisco IOS), 15.6(2)T3 (Cisco IOS), 15.6(3)M (Cisco IOS), 15.6(3)M1 (Cisco IOS), 15.6(3)M0a (Cisco IOS), 15.6(3)M1b (Cisco IOS), 15.6(3)M2 (Cisco IOS), 15.6(3)M3 (Cisco IOS), 15.6(3)M3a (Cisco IOS), 15.7(3)M (Cisco IOS), 15.3(3)JAA1 (Cisco IOS), 15.5(1)T2 (Cisco IOS), 15.4(3)M6a (Cisco IOS), 15.4(3)M7 (Cisco IOS), 15.4(3)M6 (Cisco IOS), 15.4(3)M5 (Cisco IOS), 15.4(3)M4 (Cisco IOS), 15.6(3)M6 (Cisco IOS), 15.7(3)M3 (Cisco IOS), 15.8(3)M (Cisco IOS), 15.8(3)M0a (Cisco IOS), 15.5(3)M2a (Cisco IOS), 15.4(3)M (Cisco IOS), 15.4(3)M1 (Cisco IOS), 15.4(3)M2 (Cisco IOS), 15.4(3)M3 (Cisco IOS), 15.4(3)M7a (Cisco IOS), 15.4(3)M8 (Cisco IOS), 15.4(3)M9 (Cisco IOS), 15.4(3)M10 (Cisco IOS), 15.5(3)M7 (Cisco IOS), 15.5(3)M8 (Cisco IOS), 15.6(3)M4 (Cisco IOS), 15.6(3)M5 (Cisco IOS), 15.7(3)M1 (Cisco IOS), 15.7(3)M2 (Cisco IOS), 15.4(1)CG (Cisco IOS), 15.4(2)CG (Cisco IOS), 12.2(60)EZ16 (Cisco IOS), 15.0(2)SG11a (Cisco IOS), 15.5(3)M9 (Cisco IOS), 15.5(3)M10 (Cisco IOS), 15.5(3)M11 (Cisco IOS), 15.6(3)M7 (Cisco IOS), 15.6(3)M6a (Cisco IOS), 15.6(3)M6b (Cisco IOS), 15.6(3)M8 (Cisco IOS), 15.6(3)M9 (Cisco IOS), 15.7(3)M4 (Cisco IOS), 15.7(3)M5 (Cisco IOS), 15.7(3)M4a (Cisco IOS), 15.7(3)M4b (Cisco IOS), 15.7(3)M6 (Cisco IOS), 15.7(3)M7 (Cisco IOS), 15.8(3)M1 (Cisco IOS), 15.8(3)M2 (Cisco IOS), 15.8(3)M3 (Cisco IOS), 15.8(3)M2a (Cisco IOS), 15.8(3)M4 (Cisco IOS), 15.8(3)M3a (Cisco IOS), 15.8(3)M3b (Cisco IOS), 15.8(3)M5 (Cisco IOS), 15.9(3)M (Cisco IOS), 15.9(3)M0a (Cisco IOS), 15.3(3)JPJ (Cisco IOS)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.06.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "22.06.2020",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.06.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02886",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-3199",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco IOS",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. Cisco IOS 15.6(1)T0a , Cisco Systems Inc. Cisco IOS 15.5(3)M , Cisco Systems Inc. Cisco IOS 15.5(1)T , Cisco Systems Inc. Cisco IOS 15.5(2)T , Cisco Systems Inc. Cisco IOS 15.5(1)T3 , Cisco Systems Inc. Cisco IOS 15.5(2)T1 , Cisco Systems Inc. Cisco IOS 15.5(2)T2 , Cisco Systems Inc. Cisco IOS 15.5(2)T3 , Cisco Systems Inc. Cisco IOS 15.5(2)T4 , Cisco Systems Inc. Cisco IOS 15.5(1)T4 , Cisco Systems Inc. Cisco IOS 15.5(3)M1 , Cisco Systems Inc. Cisco IOS 15.5(3)M0a , Cisco Systems Inc. Cisco IOS 15.5(3)M2 , Cisco Systems Inc. Cisco IOS 15.5(3)M3 , Cisco Systems Inc. Cisco IOS 15.5(3)M4 , Cisco Systems Inc. Cisco IOS 15.5(3)M4a , Cisco Systems Inc. Cisco IOS 15.5(3)M5 , Cisco Systems Inc. Cisco IOS 15.5(3)M6 , Cisco Systems Inc. Cisco IOS 15.5(3)M6a , Cisco Systems Inc. Cisco IOS 15.6(1)T , Cisco Systems Inc. Cisco IOS 15.6(2)T , Cisco Systems Inc. Cisco IOS 15.6(1)T1 , Cisco Systems Inc. Cisco IOS 15.6(2)T1 , Cisco Systems Inc. Cisco IOS 15.6(1)T2 , Cisco Systems Inc. Cisco IOS 15.6(2)T2 , Cisco Systems Inc. Cisco IOS 15.6(1)T3 , Cisco Systems Inc. Cisco IOS 15.6(2)T3 , Cisco Systems Inc. Cisco IOS 15.6(3)M , Cisco Systems Inc. Cisco IOS 15.6(3)M1 , Cisco Systems Inc. Cisco IOS 15.6(3)M0a , Cisco Systems Inc. Cisco IOS 15.6(3)M1b , Cisco Systems Inc. Cisco IOS 15.6(3)M2 , Cisco Systems Inc. Cisco IOS 15.6(3)M3 , Cisco Systems Inc. Cisco IOS 15.6(3)M3a , Cisco Systems Inc. Cisco IOS 15.7(3)M , Cisco Systems Inc. Cisco IOS 15.3(3)JAA1 , Cisco Systems Inc. Cisco IOS 15.5(1)T2 , Cisco Systems Inc. Cisco IOS 15.4(3)M6a , Cisco Systems Inc. Cisco IOS 15.4(3)M7 , Cisco Systems Inc. Cisco IOS 15.4(3)M6 , Cisco Systems Inc. Cisco IOS 15.4(3)M5 , Cisco Systems Inc. Cisco IOS 15.4(3)M4 , Cisco Systems Inc. Cisco IOS 15.6(3)M6 , Cisco Systems Inc. Cisco IOS 15.7(3)M3 , Cisco Systems Inc. Cisco IOS 15.8(3)M , Cisco Systems Inc. Cisco IOS 15.8(3)M0a , Cisco Systems Inc. Cisco IOS 15.5(3)M2a , Cisco Systems Inc. Cisco IOS 15.4(3)M , Cisco Systems Inc. Cisco IOS 15.4(3)M1 , Cisco Systems Inc. Cisco IOS 15.4(3)M2 , Cisco Systems Inc. Cisco IOS 15.4(3)M3 , Cisco Systems Inc. Cisco IOS 15.4(3)M7a , Cisco Systems Inc. Cisco IOS 15.4(3)M8 , Cisco Systems Inc. Cisco IOS 15.4(3)M9 , Cisco Systems Inc. Cisco IOS 15.4(3)M10 , Cisco Systems Inc. Cisco IOS 15.5(3)M7 , Cisco Systems Inc. Cisco IOS 15.5(3)M8 , Cisco Systems Inc. Cisco IOS 15.6(3)M4 , Cisco Systems Inc. Cisco IOS 15.6(3)M5 , Cisco Systems Inc. Cisco IOS 15.7(3)M1 , Cisco Systems Inc. Cisco IOS 15.7(3)M2 , Cisco Systems Inc. Cisco IOS 15.4(1)CG , Cisco Systems Inc. Cisco IOS 15.4(2)CG , Cisco Systems Inc. Cisco IOS 12.2(60)EZ16 , Cisco Systems Inc. Cisco IOS 15.0(2)SG11a , Cisco Systems Inc. Cisco IOS 15.5(3)M9 , Cisco Systems Inc. Cisco IOS 15.5(3)M10 , Cisco Systems Inc. Cisco IOS 15.5(3)M11 , Cisco Systems Inc. Cisco IOS 15.6(3)M7 , Cisco Systems Inc. Cisco IOS 15.6(3)M6a , Cisco Systems Inc. Cisco IOS 15.6(3)M6b , Cisco Systems Inc. Cisco IOS 15.6(3)M8 , Cisco Systems Inc. Cisco IOS 15.6(3)M9 , Cisco Systems Inc. Cisco IOS 15.7(3)M4 , Cisco Systems Inc. Cisco IOS 15.7(3)M5 , Cisco Systems Inc. Cisco IOS 15.7(3)M4a , Cisco Systems Inc. Cisco IOS 15.7(3)M4b , Cisco Systems Inc. Cisco IOS 15.7(3)M6 , Cisco Systems Inc. Cisco IOS 15.7(3)M7 , Cisco Systems Inc. Cisco IOS 15.8(3)M1 , Cisco Systems Inc. Cisco IOS 15.8(3)M2 , Cisco Systems Inc. Cisco IOS 15.8(3)M3 , Cisco Systems Inc. Cisco IOS 15.8(3)M2a , Cisco Systems Inc. Cisco IOS 15.8(3)M4 , Cisco Systems Inc. Cisco IOS 15.8(3)M3a , Cisco Systems Inc. Cisco IOS 15.8(3)M3b , Cisco Systems Inc. Cisco IOS 15.8(3)M5 , Cisco Systems Inc. Cisco IOS 15.9(3)M , Cisco Systems Inc. Cisco IOS 15.9(3)M0a , Cisco Systems Inc. Cisco IOS 15.3(3)JPJ ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b IOx \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b IOx \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3199",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}
GHSA-FVX8-MGV2-3FJQ
Vulnerability from github – Published: 2022-05-24 17:19 – Updated: 2024-04-04 02:51
VLAI?
Details
Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2020-3199"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-03T18:15:00Z",
"severity": "HIGH"
},
"details": "Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
"id": "GHSA-fvx8-mgv2-3fjq",
"modified": "2024-04-04T02:51:22Z",
"published": "2022-05-24T17:19:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3199"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CERTFR-2020-AVI-340
Vulnerability from certfr_avis - Published: 2020-06-04 - Updated: 2020-06-05
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco IOx sans le dernier correctif de sécurité (voir le site du constructeur pour la liste des produits vulnérables) | ||
| Cisco | IOS | Cisco IOS pour routeurs Cisco séries CGR1000 sans le dernier correctif de sécurité | ||
| Cisco | NX-OS | Cisco NX-OS sans le dernier correctif de sécurité (voir le site du constructeur pour la liste des produits vulnérables) | ||
| Cisco | IOS XE | Cisco IOS et IOS XE sans le dernier correctif de sécurité (voir le site du constructeur pour la liste des produits vulnérables) | ||
| Cisco | IOS | Cisco IOS pour routeurs Cisco 809 et 829 (Industrial ISRs) sans le dernier correctif de sécurité | ||
| Cisco | IOS XR | Cisco IOS XR versions 5.2 et 5.3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco IOx sans le dernier correctif de s\u00e9curit\u00e9 (voir le site du constructeur pour la liste des produits vuln\u00e9rables)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS pour routeurs Cisco s\u00e9ries CGR1000 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS sans le dernier correctif de s\u00e9curit\u00e9 (voir le site du constructeur pour la liste des produits vuln\u00e9rables)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS et IOS XE sans le dernier correctif de s\u00e9curit\u00e9 (voir le site du constructeur pour la liste des produits vuln\u00e9rables)",
"product": {
"name": "IOS XE",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS pour routeurs Cisco 809 et 829 (Industrial ISRs) sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions 5.2 et 5.3",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-3211",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3211"
},
{
"name": "CVE-2020-3257",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3257"
},
{
"name": "CVE-2020-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3212"
},
{
"name": "CVE-2020-3205",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3205"
},
{
"name": "CVE-2020-3218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3218"
},
{
"name": "CVE-2020-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3200"
},
{
"name": "CVE-2020-3234",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3234"
},
{
"name": "CVE-2020-3229",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3229"
},
{
"name": "CVE-2020-3217",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3217"
},
{
"name": "CVE-2020-3208",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3208"
},
{
"name": "CVE-2020-3235",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3235"
},
{
"name": "CVE-2020-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3219"
},
{
"name": "CVE-2020-3230",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3230"
},
{
"name": "CVE-2020-3209",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3209"
},
{
"name": "CVE-2020-3258",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3258"
},
{
"name": "CVE-2020-3199",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3199"
},
{
"name": "CVE-2020-3227",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3227"
},
{
"name": "CVE-2020-3203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3203"
},
{
"name": "CVE-2020-3210",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3210"
},
{
"name": "CVE-2020-3198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3198"
},
{
"name": "CVE-2020-3225",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3225"
},
{
"name": "CVE-2020-3224",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3224"
},
{
"name": "CVE-2020-3238",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3238"
},
{
"name": "CVE-2020-3221",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3221"
}
],
"initial_release_date": "2020-06-04T00:00:00",
"last_revision_date": "2020-06-05T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-340",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-06-04T00:00:00.000000"
},
{
"description": "Correction de la date de certains avis.",
"revision_date": "2020-06-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-digsig-bypass-FYQ3bmVq du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-digsig-bypass-FYQ3bmVq"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-vds-cred-uPMp9zbY du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cred-uPMp9zbY"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-fnfv9-dos-HND6Fc9u du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sip-Cv28sQw2 du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sip-Cv28sQw2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webui-cmdinj-zM283Zdw du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-zM283Zdw"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ioxPE-KgGvCAf9 du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxPE-KgGvCAf9"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-web-cmdinj2-fOnjk2LD du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj2-fOnjk2LD"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-caf-3dXM8exv du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-caf-3dXM8exv"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-snmp-dos-USxSyTk5 du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-USxSyTk5"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ngwc-cmdinj-KEwWVWR du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ngwc-cmdinj-KEwWVWR"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-webui-rce-uk8BXcUD du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-rce-uk8BXcUD"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cipdos-hkfTZXEx du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cipdos-hkfTZXEx"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-web-cmdinj4-S2TmH7GA du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj4-S2TmH7GA"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webui-PZgQxjfG du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-ewlc-dos-TkuPVmZN du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-dos-TkuPVmZN"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-web-cmdinj3-44st5CcA du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj3-44st5CcA"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-gos-vuln-s9qS8kYL du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ssh-dos-Un22sd2A du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ikev2-9p23Jj2a du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-9p23Jj2a"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-rce-xYRSeMNH du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-ir800-img-verif-wHhLYHjK du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-ir800-img-verif-wHhLYHjK"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…