Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-3407 (GCVE-0-2020-3407)
Vulnerability from cvelistv5 – Published: 2020-09-24 18:02 – Updated: 2024-11-13 17:55
VLAI?
EPSS
Title
Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability
Summary
A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.
Severity ?
8.6 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XE Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:58.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200924 Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:12:37.579654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T17:55:10.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-24T18:02:04.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200924 Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO"
}
],
"source": {
"advisory": "cisco-sa-confacl-HbPtfSuO",
"defect": [
[
"CSCvs72434"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-09-24T16:00:00",
"ID": "CVE-2020-3407",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200924 Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO"
}
]
},
"source": {
"advisory": "cisco-sa-confacl-HbPtfSuO",
"defect": [
[
"CSCvs72434"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3407",
"datePublished": "2020-09-24T18:02:04.555Z",
"dateReserved": "2019-12-12T00:00:00.000Z",
"dateUpdated": "2024-11-13T17:55:10.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO\", \"name\": \"20200924 Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T07:30:58.445Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-3407\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-13T17:12:37.579654Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-13T17:15:01.078Z\"}}], \"cna\": {\"title\": \"Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability\", \"source\": {\"defect\": [[\"CSCvs72434\"]], \"advisory\": \"cisco-sa-confacl-HbPtfSuO\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"CHANGED\", \"version\": \"3.0\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IOS XE Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"datePublic\": \"2020-09-24T00:00:00.000Z\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO\", \"name\": \"20200924 Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2020-09-24T18:02:04.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"8.6\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\"}}, \"source\": {\"defect\": [[\"CSCvs72434\"]], \"advisory\": \"cisco-sa-confacl-HbPtfSuO\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco IOS XE Software\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO\", \"name\": \"20200924 Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-476\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-3407\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2020-09-24T16:00:00\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2020-3407\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-13T17:55:10.495Z\", \"dateReserved\": \"2019-12-12T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2020-09-24T18:02:04.555Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CNVD-2021-43450
Vulnerability from cnvd - Published: 2021-06-20
VLAI Severity ?
Title
Cisco IOS XE拒绝服务漏洞(CNVD-2021-43450)
Description
Cisco IOS XE是美国Cisco公司为其网络设备开发的一套基于Linux内核的模块化操作系统。
Cisco IOS XE的RESTCONF和NETCONF-YANG访问控制列表(ACL)功能存在拒绝服务漏洞,攻击者可利用该漏洞导致设备重新加载。
Severity
高
Patch Name
Cisco IOS XE拒绝服务漏洞(CNVD-2021-43450)的补丁
Patch Description
Cisco IOS XE是美国Cisco公司为其网络设备开发的一套基于Linux内核的模块化操作系统。
Cisco IOS XE的RESTCONF和NETCONF-YANG访问控制列表(ACL)功能存在拒绝服务漏洞,攻击者可利用该漏洞导致设备重新加载。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO
Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO
Impacted products
| Name | Cisco IOS XE |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-3407",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-3407"
}
},
"description": "Cisco IOS XE\u662f\u7f8e\u56fdCisco\u516c\u53f8\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u4e00\u5957\u57fa\u4e8eLinux\u5185\u6838\u7684\u6a21\u5757\u5316\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nCisco IOS XE\u7684RESTCONF\u548cNETCONF-YANG\u8bbf\u95ee\u63a7\u5236\u5217\u8868\uff08ACL\uff09\u529f\u80fd\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u91cd\u65b0\u52a0\u8f7d\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-43450",
"openTime": "2021-06-20",
"patchDescription": "Cisco IOS XE\u662f\u7f8e\u56fdCisco\u516c\u53f8\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u4e00\u5957\u57fa\u4e8eLinux\u5185\u6838\u7684\u6a21\u5757\u5316\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco IOS XE\u7684RESTCONF\u548cNETCONF-YANG\u8bbf\u95ee\u63a7\u5236\u5217\u8868\uff08ACL\uff09\u529f\u80fd\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8bbe\u5907\u91cd\u65b0\u52a0\u8f7d\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Cisco IOS XE\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2021-43450\uff09\u7684\u8865\u4e01",
"products": {
"product": "Cisco IOS XE"
},
"referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO",
"serverity": "\u9ad8",
"submitTime": "2020-09-25",
"title": "Cisco IOS XE\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2021-43450\uff09"
}
CVE-2020-3407
Vulnerability from fstec - Published: 24.09.2020
VLAI Severity ?
Title
Уязвимость реализации протоколов RESTCONF и NETCONF-YANG операционной системы Cisco IOS XE, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость реализации протоколов RESTCONF и NETCONF-YANG операционной системы Cisco IOS XE связана с ошибками разыменования нулевого указателя. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании
Severity ?
Vendor
Cisco Systems Inc.
Software Name
Cisco IOS XE
Software Version
от 16.11.1 до 16.11.2 включительно (Cisco IOS XE), от 16.12.1 до 16.12.3 включительно (Cisco IOS XE), 17.2.1 (Cisco IOS XE), 17.1.1 (Cisco IOS XE)
Possible Mitigations
Использование рекомендаций:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO
Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO
CWE
CWE-476
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 16.11.1 \u0434\u043e 16.11.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Cisco IOS XE), \u043e\u0442 16.12.1 \u0434\u043e 16.12.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Cisco IOS XE), 17.2.1 (Cisco IOS XE), 17.1.1 (Cisco IOS XE)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "08.10.2020",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "08.10.2020",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-04587",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-3407",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco IOS XE",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. Cisco IOS XE \u043e\u0442 16.11.1 \u0434\u043e 16.11.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , Cisco Systems Inc. Cisco IOS XE \u043e\u0442 16.12.1 \u0434\u043e 16.12.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , Cisco Systems Inc. Cisco IOS XE 17.2.1 , Cisco Systems Inc. Cisco IOS XE 17.1.1 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 RESTCONF \u0438 NETCONF-YANG \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS XE, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 RESTCONF \u0438 NETCONF-YANG \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS XE \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,6)"
}
FKIE_CVE-2020-3407
Vulnerability from fkie_nvd - Published: 2020-09-24 18:15 - Updated: 2024-11-21 05:30
Severity ?
Summary
A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xe:15.8\\(3\\)m3:*:*:*:*:*:*:*",
"matchCriteriaId": "A58F0641-940D-4C2C-9DAF-3FF4E0650F9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F77CD6A-83DA-4F31-A128-AD6DAECD623B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62564BB8-1282-4597-A645-056298BE7CCB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E9CC47-3D7C-437A-85BE-4BB94C8AF1B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D2305B-B69E-4F74-A44E-07B3205CE9F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B68B363-3C57-4E95-8B13-0F9B59D551F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26DD41B3-1D1D-44D3-BA8E-5A66AFEE77E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1100-lte_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE4E146-1D77-4F15-AE58-3C1CE5DB62C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1952B64C-4AE0-4CCB-86C5-8D1FF6A12822",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5AAD4397-6DCF-493A-BD61-3A890F6F3AB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB8A757-7888-4AC2-BE44-B89DB83C6C77",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F2F0A8E-97F6-41AC-BE67-4B2D60F9D36B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9229F3-7BCE-46C4-9879-D57B5BAAE44E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1109_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B80890A8-E3D3-462C-B125-9E9BC6525B02",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A606FE-E6F1-43F9-B1CD-D9DF35FC3573",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1111x_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0547E196-5991-4C33-823A-342542E9DFD3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:111x_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "802CBFC1-8A2F-4BF7-A1D3-00622C33BE16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1120_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFE0FC1-EEBC-42F0-88B0-4AF5B76DDD97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D916389F-54DB-44CB-91DD-7CE3C7059350",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C8AED7C-DDA3-4C29-BB95-6518C02C551A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5419CB9F-241F-4431-914F-2659BE27BEA5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5720462A-BE6B-4E84-A1A1-01E80BBA86AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4451_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82225D40-537F-41D2-B1C4-1B7D06466B06",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B60888-6E2B-494E-AC65-83337661EE7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_1000-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE2182E7-C813-4966-A36C-E648A9344299",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_1001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7C321E-F083-4AB6-96A0-D6358980441E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_1001-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09C913FF-63D5-43FB-8B39-598EF436BA5A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_1002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4376E56-A21C-4642-A85D-439C8E21CD7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_1002-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "444F688F-79D0-4F22-B530-7BD520080B8F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_1004:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55DD2272-10C2-43B9-9F13-6DC41DBE179B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_1006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7428E0A8-1641-47FB-9CA9-34311DEF660D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_1013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "854D9594-FE84-4E7B-BA21-A3287F2DC302",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr1001-hx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C24227E-9FF6-4757-A342-958CA4B8BF63",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr1001-hx-rf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E529335-18D1-4CEC-A8D5-CC1CA33D64F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr1001-x-rf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FBFB5C-347B-4F73-93BE-4D3137D8F93A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr1001-x-ws:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F040372-CDAD-4AC4-9B7C-BFF9658B6BF2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr1002-hx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C33862F1-652A-4F60-BD3E-A6B3733E56A9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr1002-hx-rf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "130205FD-CA31-4E49-B8C4-181840270C70",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr1002-hx-ws:-:*:*:*:*:*:*:*",
"matchCriteriaId": "908A56D8-64AF-4813-9D4D-C429C0603A31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr1002-x-rf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53DAF422-7E0B-44EB-AD8D-4643A9711739",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr1002-x-ws:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F7F661E-335C-4123-9363-E2E5D51846C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B9ED0E5-CB20-4106-9CF2-8EB587B33543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B0E620C-8E09-4F7C-A326-26013173B993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF93F1C8-669F-4ECB-8D81-ECDA7B550175",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0BA345-B7D7-4975-9199-4DC7875BBFD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9EA95F-4E39-4D9C-8A84-D1F6014A4A40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0BC769-C244-41BD-BE80-E67F4E1CDDA4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9200-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18736C74-F68F-4D0B-AE2B-4BC1834EF794",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9200-24t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D223C2AB-22A4-42B5-8BBB-78E2CBF23B40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9200-48p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDD3EAA2-8F25-4099-B76F-5ACC3BE34610",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9200-48t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9BD57F-BDAC-46DD-AF87-8914B29670F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9200l-24p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCEBFFC-DD60-4CB1-A7F2-9AC09977BA4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9200l-24p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9F7B21F-1DAA-45C7-8C24-D3A19F1C5459",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9200l-24pxg-2y:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C4F9918-E075-4F78-AFD7-0BB7FA97C1F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9200l-24pxg-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7E00A0B-A58E-472F-B107-0FE106751F2D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9200l-24t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB45406-5216-4A11-B8D3-C44639DC26B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9200l-24t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "215D01AE-3767-482A-85C5-3361506F0AC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9200l-48p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E37A8-166F-4534-9089-D20B1227F4DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9200l-48p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D6DAE3-BAD0-46D8-B899-45B955F532F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9200l-48pxg-2y:-:*:*:*:*:*:*:*",
"matchCriteriaId": "327167E8-4B65-4F9D-8760-34CDA03887CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9200l-48pxg-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DA2253-C6A9-4749-B313-6552628A96F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9200l-48t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C925086A-94B9-4FE0-9FEB-3242C1217453",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9200l-48t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB14B34-4035-41D2-834B-7FB069264207",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F257D2BE-7618-4B6A-AFCE-6D9D0084FA1D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300-24s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA927CE-9D8E-4BC0-9EA6-641E7C4F71B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300-24t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A46D298-1685-410E-879C-2EBC45C185AC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300-24u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4ACF54-E576-4D8A-A4E6-17A37EEC53DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300-24ux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "196A7C06-8371-479D-973D-591DEB181739",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300-48p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE42511E-9883-4779-A8E5-FC3E16EF2793",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300-48s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB06AD21-91A7-46B8-8F44-683828A5422D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300-48t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DA169AF-3743-4051-B63B-FF6E1ADCD886",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300-48u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D13CF5B-4482-4C7D-8D6A-E220F3E4F868",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300-48un:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92134C0A-4E5B-43EF-8439-484DF504C43C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300-48uxm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26ECF9BD-F632-4A02-8993-C0D44B91289C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300l-24p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48730DB5-94AF-4BE7-8047-52B8B47CE35A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300l-24p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A88142-3284-4C25-8774-36004B5F9087",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300l-24t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB76311-4B6D-4897-A683-4244E92BD570",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300l-24t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDA2975-CDB7-4182-A03E-D34F15CDF6F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300l-48p-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35B9D0B5-4BE1-490E-9A68-00A3D357BC3D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300l-48p-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71FA2F5A-6146-4142-96A8-552118E4BB67",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300l-48t-4g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF786D6-F28F-49D8-A15C-BFD0AA934355",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9300l-48t-4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA32B0AC-1B0A-4ED8-8532-9C7BE6E059D4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9404r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FEFF895-6E4A-4108-BD25-D7DC83154832",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9407r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A485A9A0-2EEC-4C13-846C-0DE2265B2A31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9410r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B9F1ACA-9D67-4BF0-A357-40D39A61ED00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9500-12q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BFEE45F-C5AC-483D-9DE6-4CEB98D80A0C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9500-16x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD6F5BBC-4627-4A3E-B827-3CEE7EE969D0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9500-24q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2E41E2-00CE-42C4-8C91-9307D76F5D7A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9500-24y4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98CB2D23-B5F8-4FA9-8431-3B0124CE2140",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9500-32c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8A8BA9F-3361-43CD-8031-A5DF0AD68BEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9500-32qc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFE4BB6-FC9A-42B3-B8A0-2610D71BB9B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9500-40x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53D13F1D-345D-45D5-9000-DAFE8A85D71B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_c9500-48y4c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFB064E-E390-47B5-AA76-5D3D2E368055",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:csr_1000v:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A99113-21C8-4DC4-865B-BEE7401B7720",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-12x48uq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75310844-0DEA-4F0B-B9DB-AA55AA3EED17",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-12x48ur:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28D2AC87-9D6C-4E49-8923-F6B5C73B18F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-12x48uz:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A51E5D-501F-4EDE-8566-A6C217D4C7C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-24pd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB1635F-48C9-47A4-8284-953DFA0B1C89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-24pdm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE619CD8-98F9-4CAC-BFB7-EB4DD84040B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-24ps:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE323F9B-C767-4B8E-82C2-1387F29444BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-24td:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5124B311-935A-4267-B360-08C8F0BE8691",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-24ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E92A4C9B-B5AA-4112-9136-D6E187057BE7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-48fd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E328765-1E27-4E50-9DE0-556D4A349151",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-48fq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8528780-0254-4D21-8172-71BD01988608",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-48fqm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97203BEC-044F-4263-A4EA-536486BBEC6A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-48fs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3AAB4D4-6986-4055-B68D-AA9E306DA5BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-48pd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F821C98D-B8E3-44A9-8534-ACBDD4BEB5F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-48pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "733850D4-DD9D-40B8-BB7F-FF9C26818FAC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-48ps:-:*:*:*:*:*:*:*",
"matchCriteriaId": "276373D2-CB95-43F8-A4C4-5A0E1B0046F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-48td:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77599A2E-3149-4C7B-90A2-C95E4FAAC3E1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-48tq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A14F739-1643-4425-8C9E-4A7FB831F4B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-48ts:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1D0F90-14C7-404F-9F75-9D9937E489D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3650-8x24uq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCE19812-3A07-4561-BB1A-0B43C11F5FA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA292FB5-7589-4E22-8AE1-CEE4E987CD9E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3850-12s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0BCC2C-20D6-40EB-9334-C83FC5F69A93",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3850-12x48u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3EC00D-ACEA-49DE-A7A8-42CCA6569D2A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3850-12xs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1341B21E-49E9-4219-B1B0-592B180D5D09",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3850-24p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAF61B9-CE12-40E9-9DCE-D3411E74BBB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3850-24s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DB530A-74B9-43DA-B8E8-A761E6A159F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3850-24t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8C8EA0-7767-4CC1-88BE-B678FAFD96C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3850-24u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56929D47-3994-4008-87DA-F64AAB7EB12D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3850-24xs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C0CE864-1B46-4040-87F3-3CFE3517422C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3850-24xu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7EFF383-6194-41C0-A6FE-DBF17D43EDDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3850-48f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9254CA-6616-4743-B146-A120D97350A2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3850-48p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75A217-8CDF-40B5-BB48-D018FFC6BCBA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3850-48t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1CD87D-3AAA-4474-8C90-26552FF5C90B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3850-48u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE2EAFB-83D9-4517-9B17-3A6D3D846D9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ws-c3850-48xs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "819E8E03-F31D-47BF-9725-6F352924F002",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la funci\u00f3n de lista de control de acceso (ACL) de RESTCONF y NETCONF-YANG de Cisco IOS XE Software, podr\u00eda permitir a un atacante remoto no autenticado causar que el dispositivo se recargue.\u0026#xa0;La vulnerabilidad es debido al procesamiento incorrecto de la ACL que est\u00e1 vinculada a la funcionalidad RESTCONF o NETCONF-YANG.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el acceso al dispositivo usando RESTCONF o NETCONF-YANG.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante causar que el dispositivo se recargue, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2020-3407",
"lastModified": "2024-11-21T05:30:58.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "psirt@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-24T18:15:18.183",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-V9H7-8M32-FRWV
Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-10-27 19:00
VLAI?
Details
A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.
Severity ?
8.6 (High)
{
"affected": [],
"aliases": [
"CVE-2020-3407"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-24T18:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.",
"id": "GHSA-v9h7-8m32-frwv",
"modified": "2022-10-27T19:00:33Z",
"published": "2022-05-24T17:29:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3407"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2020-3407
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-3407",
"description": "A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.",
"id": "GSD-2020-3407"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-3407"
],
"details": "A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.",
"id": "GSD-2020-3407",
"modified": "2023-12-13T01:22:09.472522Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-09-24T16:00:00",
"ID": "CVE-2020-3407",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE Software ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200924 Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO"
}
]
},
"source": {
"advisory": "cisco-sa-confacl-HbPtfSuO",
"defect": [
[
"CSCvs72434"
]
],
"discovery": "INTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xe:15.8\\(3\\)m3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1100-lte_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1109_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1111x_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:111x_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1120_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:4451_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_1000-x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_1001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_1001-x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_1002:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_1002-x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_1004:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_1006:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr_1013:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr1001-hx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr1001-hx-rf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr1001-x-rf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr1001-x-ws:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr1002-hx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr1002-hx-rf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr1002-hx-ws:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr1002-x-rf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:asr1002-x-ws:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9200-24p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9200-24t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9200-48p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9200-48t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9200l-24p-4g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9200l-24p-4x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9200l-24pxg-2y:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9200l-24pxg-4x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9200l-24t-4g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9200l-24t-4x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9200l-48p-4g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9200l-48p-4x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9200l-48pxg-2y:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9200l-48pxg-4x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9200l-48t-4g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9200l-48t-4x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300-24p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300-24s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300-24t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300-24u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300-24ux:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300-48p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300-48s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300-48t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300-48u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300-48un:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300-48uxm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300l-24p-4g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300l-24p-4x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300l-24t-4g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300l-24t-4x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300l-48p-4g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300l-48p-4x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300l-48t-4g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9300l-48t-4x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9404r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9407r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9410r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9500-12q:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9500-16x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9500-24q:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9500-24y4c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9500-32c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9500-32qc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9500-40x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:catalyst_c9500-48y4c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:csr_1000v:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-12x48uq:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-12x48ur:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-12x48uz:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-24pd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-24pdm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-24ps:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-24td:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-24ts:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-48fd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-48fq:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-48fqm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-48fs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-48pd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-48pq:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-48ps:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-48td:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-48tq:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-48ts:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3650-8x24uq:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3850:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3850-12s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3850-12x48u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3850-12xs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3850-24p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3850-24s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3850-24t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3850-24u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3850-24xs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3850-24xu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3850-48f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3850-48p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3850-48t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3850-48u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:ws-c3850-48xs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2020-3407"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200924 Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability",
"refsource": "CISCO",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
},
"lastModifiedDate": "2023-05-23T13:55Z",
"publishedDate": "2020-09-24T18:15Z"
}
}
}
CERTFR-2020-AVI-599
Vulnerability from certfr_avis - Published: 2020-09-25 - Updated: 2020-09-25
De multiples vulnérabilités ont été découvertes dans Cisco IOS XE, IOS et AireOS. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Cisco IOS
- Cisco IOS XE
- Cisco IOS XE Software Common Open Policy Service Cisco
- Cisco IOS XE Wireless Controller Software pour Catalyst 9000
- Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List
- Cisco IOS XE Software pour Cisco ASR 1000 Series 20-Gbps Embedded Services Processor
- Cisco IOS XE Software PROFINET
- Cisco IOS XE Software pour Cisco cBR-8
- Cisco IOS XE Software pour Cisco ASR 900 Series Route Switch Processor 3
- Cisco IOS XE Software pour Catalyst 9200 Series Switches Umbrella Connector
- Cisco IOS XE Software IP Service Level Agreements
- Cisco IOS XE Software pour Catalyst 9800 Series Wireless Controllers
- Cisco IOS XE Software Zone-Based Firewall
- Catalyst 9800 Wireless Controllers avec IOS XE ou AireOS
- Wireless LAN Controllers (WLC) avec IOS XE ou AireOS
Se référer aux informations fournies par le logiciel Cisco Software Checker pour confirmer si les versions logicielles en usage dans le système d'information sont affectées ou non.
Impacted products
| Vendor | Product | Description |
|---|
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eCisco IOS\u003c/li\u003e \u003cli\u003eCisco IOS XE\u003c/li\u003e \u003cli\u003eCisco IOS XE Software Common Open Policy Service Cisco\u003c/li\u003e \u003cli\u003eCisco IOS XE Wireless Controller Software pour Catalyst 9000\u003c/li\u003e \u003cli\u003eCisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List\u003c/li\u003e \u003cli\u003eCisco IOS XE Software pour Cisco ASR 1000 Series 20-Gbps Embedded Services Processor\u003c/li\u003e \u003cli\u003eCisco IOS XE Software PROFINET\u003c/li\u003e \u003cli\u003eCisco IOS XE Software pour Cisco cBR-8\u003c/li\u003e \u003cli\u003eCisco IOS XE Software pour Cisco ASR 900 Series Route Switch Processor 3\u003c/li\u003e \u003cli\u003eCisco IOS XE Software pour Catalyst 9200 Series Switches Umbrella Connector\u003c/li\u003e \u003cli\u003eCisco IOS XE Software IP Service Level Agreements\u003c/li\u003e \u003cli\u003eCisco IOS XE Software pour Catalyst 9800 Series Wireless Controllers\u003c/li\u003e \u003cli\u003eCisco IOS XE Software Zone-Based Firewall\u003c/li\u003e \u003cli\u003eCatalyst 9800 Wireless Controllers avec IOS XE ou AireOS\u003c/li\u003e \u003cli\u003eWireless LAN Controllers (WLC) avec IOS XE ou AireOS\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux informations fournies par le logiciel \u003cem\u003eCisco Software Checker\u003c/em\u003e pour confirmer si les versions logicielles en usage dans le syst\u00e8me d\u0027information sont affect\u00e9es ou non.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-3407",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3407"
},
{
"name": "CVE-2020-3488",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3488"
},
{
"name": "CVE-2020-3428",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3428"
},
{
"name": "CVE-2020-3390",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3390"
},
{
"name": "CVE-2020-3408",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3408"
},
{
"name": "CVE-2020-3359",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3359"
},
{
"name": "CVE-2020-3414",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3414"
},
{
"name": "CVE-2020-3487",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3487"
},
{
"name": "CVE-2020-3526",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3526"
},
{
"name": "CVE-2020-3399",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3399"
},
{
"name": "CVE-2020-3494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3494"
},
{
"name": "CVE-2020-3422",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3422"
},
{
"name": "CVE-2020-3511",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3511"
},
{
"name": "CVE-2020-3492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3492"
},
{
"name": "CVE-2020-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3509"
},
{
"name": "CVE-2020-3486",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3486"
},
{
"name": "CVE-2020-3512",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3512"
},
{
"name": "CVE-2020-3421",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3421"
},
{
"name": "CVE-2020-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3510"
},
{
"name": "CVE-2020-3465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3465"
},
{
"name": "CVE-2020-3429",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3429"
},
{
"name": "CVE-2020-3513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3513"
},
{
"name": "CVE-2020-3480",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3480"
},
{
"name": "CVE-2020-3416",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3416"
},
{
"name": "CVE-2020-3508",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3508"
},
{
"name": "CVE-2020-3497",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3497"
},
{
"name": "CVE-2020-3409",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3409"
},
{
"name": "CVE-2020-3493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3493"
},
{
"name": "CVE-2020-3489",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3489"
},
{
"name": "CVE-2020-3524",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3524"
}
],
"initial_release_date": "2020-09-25T00:00:00",
"last_revision_date": "2020-09-25T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ipsla-jw2DJmSv du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-jw2DJmSv"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K"
}
],
"reference": "CERTFR-2020-AVI-599",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco IOS XE, IOS\net AireOS. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s de type d\u00e9ni de service dans Cisco IOS, IOS XE, AireOS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wpa-dos-cXshjerc du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wpa-dos-cXshjerc"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-zbfw-94ckG4G du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-94ckG4G"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K du 24 septembre 2020",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-isdn-q931-dos-67eUZBTf du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-isdn-q931-dos-67eUZBTf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-capwap-dos-TPdNTdyq du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-COPS-VLD-MpbTvGEW du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-COPS-VLD-MpbTvGEW"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-splitdns-SPWqpdGW du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-splitdns-SPWqpdGW"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-esp20-arp-dos-GvHVggqJ du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esp20-arp-dos-GvHVggqJ"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-mdns-dos-3tH6cA9J du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mdns-dos-3tH6cA9J"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-umbrella-dos-t2QMUX37 du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-umbrella-dos-t2QMUX37"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-dhcp-dos-JSCKX43h du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcp-dos-JSCKX43h"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-confacl-HbPtfSuO du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-profinet-J9QMCHPB du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-profinet-J9QMCHPB"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-capwap-dos-ShFzXf du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-ShFzXf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ISR4461-gKKUROhx du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISR4461-gKKUROhx"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-profinet-dos-65qYG3W5 du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-profinet-dos-65qYG3W5"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dclass-dos-VKh9D8k3 du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dclass-dos-VKh9D8k3"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ipsla-jw2DJmSv du 24 septembre 2020",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-le-drTOB625 du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-le-drTOB625"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-wlc-fnfv9-EvrAQpNX du 24 septembre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-wlc-fnfv9-EvrAQpNX"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…