Vulnerability-Lookup

CVE-2020-3497 (GCVE-0-2020-3497)

Vulnerability from cvelistv5 – Published: 2020-09-24 17:52 – Updated: 2024-11-13 17:59

Title

Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities

Summary

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.

Severity ?

7.4 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-20

Assigner

cisco

References

URL

Tags

https://tools.cisco.com/security/center/content/C…

vendor-advisoryx_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco IOS XE Software	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:37:54.201Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200924 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3497",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T17:23:31.667331Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T17:59:45.613Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-09-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-24T17:52:02.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200924 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq"
        }
      ],
      "source": {
        "advisory": "cisco-sa-capwap-dos-TPdNTdyq",
        "defect": [
          [
            "CSCvr51353",
            "CSCvr52613",
            "CSCvr76792",
            "CSCvr77049",
            "CSCvr77764",
            "CSCvr84445",
            "CSCvr91229"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-09-24T16:00:00",
          "ID": "CVE-2020-3497",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS XE Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.4",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200924 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-capwap-dos-TPdNTdyq",
          "defect": [
            [
              "CSCvr51353",
              "CSCvr52613",
              "CSCvr76792",
              "CSCvr77049",
              "CSCvr77764",
              "CSCvr84445",
              "CSCvr91229"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3497",
    "datePublished": "2020-09-24T17:52:02.180Z",
    "dateReserved": "2019-12-12T00:00:00.000Z",
    "dateUpdated": "2024-11-13T17:59:45.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq\", \"name\": \"20200924 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T07:37:54.201Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-3497\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-13T17:23:31.667331Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-13T17:27:18.934Z\"}}], \"cna\": {\"title\": \"Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities\", \"source\": {\"defect\": [[\"CSCvr51353\", \"CSCvr52613\", \"CSCvr76792\", \"CSCvr77049\", \"CSCvr77764\", \"CSCvr84445\", \"CSCvr91229\"]], \"advisory\": \"cisco-sa-capwap-dos-TPdNTdyq\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"CHANGED\", \"version\": \"3.0\", \"baseScore\": 7.4, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IOS XE Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.\"}], \"datePublic\": \"2020-09-24T00:00:00.000Z\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq\", \"name\": \"20200924 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2020-09-24T17:52:02.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"7.4\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\"}}, \"source\": {\"defect\": [[\"CSCvr51353\", \"CSCvr52613\", \"CSCvr76792\", \"CSCvr77049\", \"CSCvr77764\", \"CSCvr84445\", \"CSCvr91229\"]], \"advisory\": \"cisco-sa-capwap-dos-TPdNTdyq\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco IOS XE Software\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq\", \"name\": \"20200924 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-20\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-3497\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2020-09-24T16:00:00\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-3497\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-13T17:59:45.613Z\", \"dateReserved\": \"2019-12-12T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2020-09-24T17:52:02.180Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CVE-2020-3497

Vulnerability from fstec - Published: 24.09.2020

Title

Уязвимость реализации протокола Control and Provisioning of Wireless Access Points (CAPWAP) операционной системы Cisco IOS XE контроллера беспроводной сети Cisco Catalyst серии 9800 и точки доступа Catalyst 9100 , позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость реализации протокола Control and Provisioning of Wireless Access Points (CAPWAP) операционной системы Cisco IOS XE контроллеров беспроводной сети Cisco Catalyst серии 9800 и точки доступа Catalyst 9100 связана с ошибками при обработке входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Vendor

Cisco Systems Inc.

Software Name

Cisco IOS XE

Software Version

от 16.10.1 до 16.12.3a включительно (Cisco IOS XE), от 17.1.1 до 17.2.1v включительно (Cisco IOS XE)

Possible Mitigations

Использование рекомендаций производителя: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq https://nvd.nist.gov/vuln/detail/CVE-2020-3497

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 16.10.1 \u0434\u043e 16.12.3a \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Cisco IOS XE), \u043e\u0442 17.1.1 \u0434\u043e 17.2.1v \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Cisco IOS XE)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "05.11.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "05.11.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-04975",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-3497",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco IOS XE",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. Cisco IOS XE \u043e\u0442 16.10.1 \u0434\u043e 16.12.3a \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e Catalyst 9800 Series, Cisco Systems Inc. Cisco IOS XE \u043e\u0442 16.10.1 \u0434\u043e 16.12.3a \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e Catalyst 9300, Cisco Systems Inc. Cisco IOS XE \u043e\u0442 16.10.1 \u0434\u043e 16.12.3a \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e Catalyst 9400, Cisco Systems Inc. Cisco IOS XE \u043e\u0442 16.10.1 \u0434\u043e 16.12.3a \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e Catalyst 9500, Cisco Systems Inc. Cisco IOS XE \u043e\u0442 16.10.1 \u0434\u043e 16.12.3a \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e Catalyst 9100 AP, Cisco Systems Inc. Cisco IOS XE \u043e\u0442 17.1.1 \u0434\u043e 17.2.1v \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e Catalyst 9800 Series, Cisco Systems Inc. Cisco IOS XE \u043e\u0442 17.1.1 \u0434\u043e 17.2.1v \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e Catalyst 9300, Cisco Systems Inc. Cisco IOS XE \u043e\u0442 17.1.1 \u0434\u043e 17.2.1v \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e Catalyst 9400, Cisco Systems Inc. Cisco IOS XE \u043e\u0442 17.1.1 \u0434\u043e 17.2.1v \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e Catalyst 9500, Cisco Systems Inc. Cisco IOS XE \u043e\u0442 17.1.1 \u0434\u043e 17.2.1v \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e Catalyst 9100 AP",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 Control and Provisioning of Wireless Access Points (CAPWAP) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS XE \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 \u0431\u0435\u0441\u043f\u0440\u043e\u0432\u043e\u0434\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 Cisco Catalyst \u0441\u0435\u0440\u0438\u0438 9800 \u0438 \u0442\u043e\u0447\u043a\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 Catalyst 9100 , \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 Control and Provisioning of Wireless Access Points (CAPWAP) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS XE \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 \u0431\u0435\u0441\u043f\u0440\u043e\u0432\u043e\u0434\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 Cisco Catalyst \u0441\u0435\u0440\u0438\u0438 9800 \u0438 \u0442\u043e\u0447\u043a\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 Catalyst 9100 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3497",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,4)"
}

GHSA-8MGM-98F6-65GC

Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-3497"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-24T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.",
  "id": "GHSA-8mgm-98f6-65gc",
  "modified": "2022-05-24T17:29:29Z",
  "published": "2022-05-24T17:29:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3497"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-3497

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-3497

Aliases

CVE-2020-3497

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-3497",
    "description": "Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.",
    "id": "GSD-2020-3497"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-3497"
      ],
      "details": "Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.",
      "id": "GSD-2020-3497",
      "modified": "2023-12-13T01:22:10.330901Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2020-09-24T16:00:00",
        "ID": "CVE-2020-3497",
        "STATE": "PUBLIC",
        "TITLE": "Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco IOS XE Software ",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
        }
      ],
      "impact": {
        "cvss": {
          "baseScore": "7.4",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20200924 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-capwap-dos-TPdNTdyq",
        "defect": [
          [
            "CSCvr51353",
            "CSCvr52613",
            "CSCvr76792",
            "CSCvr77049",
            "CSCvr77764",
            "CSCvr84445",
            "CSCvr91229"
          ]
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:9800-40:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:9800-80:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:9800-cl:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:9800-l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2020-3497"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200924 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2021-10-19T18:44Z",
      "publishedDate": "2020-09-24T18:15Z"
    }
  }
}

CERTFR-2020-AVI-599

Vulnerability from certfr_avis - Published: 2020-09-25 - Updated: 2020-09-25

De multiples vulnérabilités ont été découvertes dans Cisco IOS XE, IOS et AireOS. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco IOS
Cisco IOS XE
Cisco IOS XE Software Common Open Policy Service Cisco
Cisco IOS XE Wireless Controller Software pour Catalyst 9000
Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List
Cisco IOS XE Software pour Cisco ASR 1000 Series 20-Gbps Embedded Services Processor
Cisco IOS XE Software PROFINET
Cisco IOS XE Software pour Cisco cBR-8
Cisco IOS XE Software pour Cisco ASR 900 Series Route Switch Processor 3
Cisco IOS XE Software pour Catalyst 9200 Series Switches Umbrella Connector
Cisco IOS XE Software IP Service Level Agreements
Cisco IOS XE Software pour Catalyst 9800 Series Wireless Controllers
Cisco IOS XE Software Zone-Based Firewall
Catalyst 9800 Wireless Controllers avec IOS XE ou AireOS
Wireless LAN Controllers (WLC) avec IOS XE ou AireOS

Se référer aux informations fournies par le logiciel Cisco Software Checker pour confirmer si les versions logicielles en usage dans le système d'information sont affectées ou non.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-wpa-dos-cXshjerc du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-zbfw-94ckG4G du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxe-isdn-q931-dos-67eUZBTf du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-capwap-dos-TPdNTdyq du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-COPS-VLD-MpbTvGEW du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-splitdns-SPWqpdGW du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-esp20-arp-dos-GvHVggqJ du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-mdns-dos-3tH6cA9J du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxe-umbrella-dos-t2QMUX37 du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxe-dhcp-dos-JSCKX43h du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-confacl-HbPtfSuO du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-profinet-J9QMCHPB du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-capwap-dos-ShFzXf du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ISR4461-gKKUROhx du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ios-profinet-dos-65qYG3W5 du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-dclass-dos-VKh9D8k3 du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ipsla-jw2DJmSv du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-le-drTOB625 du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxe-wlc-fnfv9-EvrAQpNX du 24 septembre 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ipsla-jw2DJmSv du 24 septembre 2020	-	other
Bulletin de sécurité Cisco cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K du 24 septembre 2020	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eCisco IOS\u003c/li\u003e \u003cli\u003eCisco IOS XE\u003c/li\u003e \u003cli\u003eCisco IOS XE Software Common Open Policy Service Cisco\u003c/li\u003e \u003cli\u003eCisco IOS XE Wireless Controller Software pour Catalyst 9000\u003c/li\u003e \u003cli\u003eCisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List\u003c/li\u003e \u003cli\u003eCisco IOS XE Software pour Cisco ASR 1000 Series 20-Gbps Embedded Services Processor\u003c/li\u003e \u003cli\u003eCisco IOS XE Software PROFINET\u003c/li\u003e \u003cli\u003eCisco IOS XE Software pour Cisco cBR-8\u003c/li\u003e \u003cli\u003eCisco IOS XE Software pour Cisco ASR 900 Series Route Switch Processor 3\u003c/li\u003e \u003cli\u003eCisco IOS XE Software pour Catalyst 9200 Series Switches Umbrella Connector\u003c/li\u003e \u003cli\u003eCisco IOS XE Software IP Service Level Agreements\u003c/li\u003e \u003cli\u003eCisco IOS XE Software pour Catalyst 9800 Series Wireless Controllers\u003c/li\u003e \u003cli\u003eCisco IOS XE Software Zone-Based Firewall\u003c/li\u003e \u003cli\u003eCatalyst 9800 Wireless Controllers avec IOS XE ou AireOS\u003c/li\u003e \u003cli\u003eWireless LAN Controllers (WLC) avec IOS XE ou AireOS\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux informations fournies par le logiciel \u003cem\u003eCisco Software Checker\u003c/em\u003e pour confirmer si les versions logicielles en usage dans le syst\u00e8me d\u0027information sont affect\u00e9es ou non.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-3407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3407"
    },
    {
      "name": "CVE-2020-3488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3488"
    },
    {
      "name": "CVE-2020-3428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3428"
    },
    {
      "name": "CVE-2020-3390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3390"
    },
    {
      "name": "CVE-2020-3408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3408"
    },
    {
      "name": "CVE-2020-3359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3359"
    },
    {
      "name": "CVE-2020-3414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3414"
    },
    {
      "name": "CVE-2020-3487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3487"
    },
    {
      "name": "CVE-2020-3526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3526"
    },
    {
      "name": "CVE-2020-3399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3399"
    },
    {
      "name": "CVE-2020-3494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3494"
    },
    {
      "name": "CVE-2020-3422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3422"
    },
    {
      "name": "CVE-2020-3511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3511"
    },
    {
      "name": "CVE-2020-3492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3492"
    },
    {
      "name": "CVE-2020-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3509"
    },
    {
      "name": "CVE-2020-3486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3486"
    },
    {
      "name": "CVE-2020-3512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3512"
    },
    {
      "name": "CVE-2020-3421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3421"
    },
    {
      "name": "CVE-2020-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3510"
    },
    {
      "name": "CVE-2020-3465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3465"
    },
    {
      "name": "CVE-2020-3429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3429"
    },
    {
      "name": "CVE-2020-3513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3513"
    },
    {
      "name": "CVE-2020-3480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3480"
    },
    {
      "name": "CVE-2020-3416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3416"
    },
    {
      "name": "CVE-2020-3508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3508"
    },
    {
      "name": "CVE-2020-3497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3497"
    },
    {
      "name": "CVE-2020-3409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3409"
    },
    {
      "name": "CVE-2020-3493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3493"
    },
    {
      "name": "CVE-2020-3489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3489"
    },
    {
      "name": "CVE-2020-3524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3524"
    }
  ],
  "initial_release_date": "2020-09-25T00:00:00",
  "last_revision_date": "2020-09-25T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ipsla-jw2DJmSv du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-jw2DJmSv"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K"
    }
  ],
  "reference": "CERTFR-2020-AVI-599",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-09-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco IOS XE, IOS\net AireOS. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de type d\u00e9ni de service dans Cisco IOS, IOS XE, AireOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wpa-dos-cXshjerc du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wpa-dos-cXshjerc"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-zbfw-94ckG4G du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-94ckG4G"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K du 24 septembre 2020",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-isdn-q931-dos-67eUZBTf du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-isdn-q931-dos-67eUZBTf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-capwap-dos-TPdNTdyq du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-COPS-VLD-MpbTvGEW du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-COPS-VLD-MpbTvGEW"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-splitdns-SPWqpdGW du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-splitdns-SPWqpdGW"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-esp20-arp-dos-GvHVggqJ du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esp20-arp-dos-GvHVggqJ"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-mdns-dos-3tH6cA9J du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mdns-dos-3tH6cA9J"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-umbrella-dos-t2QMUX37 du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-umbrella-dos-t2QMUX37"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-dhcp-dos-JSCKX43h du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcp-dos-JSCKX43h"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-confacl-HbPtfSuO du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-profinet-J9QMCHPB du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-profinet-J9QMCHPB"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-capwap-dos-ShFzXf du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-ShFzXf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ISR4461-gKKUROhx du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISR4461-gKKUROhx"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-profinet-dos-65qYG3W5 du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-profinet-dos-65qYG3W5"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dclass-dos-VKh9D8k3 du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dclass-dos-VKh9D8k3"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ipsla-jw2DJmSv du 24 septembre 2020",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-le-drTOB625 du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-le-drTOB625"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-wlc-fnfv9-EvrAQpNX du 24 septembre 2020",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-wlc-fnfv9-EvrAQpNX"
    }
  ]
}

FKIE_CVE-2020-3497

Vulnerability from fkie_nvd - Published: 2020-09-24 18:15 - Updated: 2024-11-21 05:31

Severity ?

7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

References

	URL	Tags
	psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ios_xe	16.12.1
cisco	9800-40	-
cisco	9800-80	-
cisco	9800-cl	-
cisco	9800-l	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98DED36-D4B5-48D6-964E-EEEE97936700",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:9800-40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2C3816C-95F4-443C-9C79-72F0251528F4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:9800-80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1810C73-93B8-4EB5-85FC-3585AD5256BA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:9800-cl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE2BC76E-A166-4E71-B058-F49FF84A9E19",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:9800-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "542244A0-300C-4630-812A-BF45F61E38DD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en el procesamiento del protocolo de Control and Provisioning of Wireless Access Points (CAPWAP) de Cisco IOS XE Software para Cisco Catalyst 9800 Series Wireless Controllers, podr\u00edan permitir a un atacante adyacente no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) de un dispositivo afectado.\u0026#xa0;Estas vulnerabilidades son debido a una comprobaci\u00f3n insuficiente de los paquetes CAPWAP.\u0026#xa0;Un atacante podr\u00eda explotar estas vulnerabilidades mediante el env\u00edo de un paquete CAPWAP malformado hacia un dispositivo afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar que el dispositivo afectado se bloquee y recargue, resultando en una condici\u00f3n de DoS en el dispositivo afectado."
    }
  ],
  "id": "CVE-2020-3497",
  "lastModified": "2024-11-21T05:31:11.577",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-24T18:15:20.790",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-3497 (GCVE-0-2020-3497)

CVE-2020-3497

GHSA-8MGM-98F6-65GC

GSD-2020-3497

CERTFR-2020-AVI-599

Solution

FKIE_CVE-2020-3497

Tags

Sightings

Nomenclature