Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-3200

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-03 Jun, 2020 | 17:45
Updated At-15 Nov, 2024 | 17:12
Rejected At-
Credits

Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that connection. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:03 Jun, 2020 | 17:45
Updated At:15 Nov, 2024 | 17:12
Rejected At:
▼CVE Numbering Authority (CNA)
Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that connection. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco IOS 12.2(58)SE
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-371CWE-371
Type: CWE
CWE ID: CWE-371
Description: CWE-371
Metrics
VersionBase scoreBase severityVector
3.07.7HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Version: 3.0
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A
vendor-advisory
x_refsource_CISCO
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A
Resource:
vendor-advisory
x_refsource_CISCO
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A
vendor-advisory
x_refsource_CISCO
x_transferred
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A
Resource:
vendor-advisory
x_refsource_CISCO
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:03 Jun, 2020 | 18:15
Updated At:10 Jun, 2020 | 16:12

A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that connection. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.7HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Secondary3.07.7HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Primary2.06.8MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:C
Type: Primary
Version: 3.1
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Type: Secondary
Version: 3.0
Base score: 7.7
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:C
CPE Matches
Cisco Systems, Inc.
cisco
>>ios>>12.2\(6\)i1
cpe:2.3:o:cisco:ios:12.2\(6\)i1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(58\)ex
cpe:2.3:o:cisco:ios:12.2\(58\)ex:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(58\)ey
cpe:2.3:o:cisco:ios:12.2\(58\)ey:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(58\)ey1
cpe:2.3:o:cisco:ios:12.2\(58\)ey1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(58\)ey2
cpe:2.3:o:cisco:ios:12.2\(58\)ey2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(58\)ez
cpe:2.3:o:cisco:ios:12.2\(58\)ez:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(58\)se
cpe:2.3:o:cisco:ios:12.2\(58\)se:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(58\)se1
cpe:2.3:o:cisco:ios:12.2\(58\)se1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(58\)se2
cpe:2.3:o:cisco:ios:12.2\(58\)se2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(60\)ez
cpe:2.3:o:cisco:ios:12.2\(60\)ez:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(60\)ez1
cpe:2.3:o:cisco:ios:12.2\(60\)ez1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(60\)ez2
cpe:2.3:o:cisco:ios:12.2\(60\)ez2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(60\)ez3
cpe:2.3:o:cisco:ios:12.2\(60\)ez3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(60\)ez4
cpe:2.3:o:cisco:ios:12.2\(60\)ez4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(60\)ez5
cpe:2.3:o:cisco:ios:12.2\(60\)ez5:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(60\)ez6
cpe:2.3:o:cisco:ios:12.2\(60\)ez6:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(60\)ez7
cpe:2.3:o:cisco:ios:12.2\(60\)ez7:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(60\)ez8
cpe:2.3:o:cisco:ios:12.2\(60\)ez8:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(60\)ez9
cpe:2.3:o:cisco:ios:12.2\(60\)ez9:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(60\)ez10
cpe:2.3:o:cisco:ios:12.2\(60\)ez10:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(60\)ez11
cpe:2.3:o:cisco:ios:12.2\(60\)ez11:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(60\)ez12
cpe:2.3:o:cisco:ios:12.2\(60\)ez12:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(60\)ez13
cpe:2.3:o:cisco:ios:12.2\(60\)ez13:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.2\(60\)ez14
cpe:2.3:o:cisco:ios:12.2\(60\)ez14:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)md
cpe:2.3:o:cisco:ios:12.4\(22\)md:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)md1
cpe:2.3:o:cisco:ios:12.4\(22\)md1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)md2
cpe:2.3:o:cisco:ios:12.4\(22\)md2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)mda
cpe:2.3:o:cisco:ios:12.4\(22\)mda:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)mda1
cpe:2.3:o:cisco:ios:12.4\(22\)mda1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)mda2
cpe:2.3:o:cisco:ios:12.4\(22\)mda2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)mda3
cpe:2.3:o:cisco:ios:12.4\(22\)mda3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)mda4
cpe:2.3:o:cisco:ios:12.4\(22\)mda4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)mda5
cpe:2.3:o:cisco:ios:12.4\(22\)mda5:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)mda6
cpe:2.3:o:cisco:ios:12.4\(22\)mda6:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)t
cpe:2.3:o:cisco:ios:12.4\(22\)t:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)t1
cpe:2.3:o:cisco:ios:12.4\(22\)t1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)t2
cpe:2.3:o:cisco:ios:12.4\(22\)t2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)t3
cpe:2.3:o:cisco:ios:12.4\(22\)t3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)t4
cpe:2.3:o:cisco:ios:12.4\(22\)t4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)t5
cpe:2.3:o:cisco:ios:12.4\(22\)t5:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)xr1
cpe:2.3:o:cisco:ios:12.4\(22\)xr1:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)xr2
cpe:2.3:o:cisco:ios:12.4\(22\)xr2:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)xr3
cpe:2.3:o:cisco:ios:12.4\(22\)xr3:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)xr4
cpe:2.3:o:cisco:ios:12.4\(22\)xr4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)xr5
cpe:2.3:o:cisco:ios:12.4\(22\)xr5:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)xr6
cpe:2.3:o:cisco:ios:12.4\(22\)xr6:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)xr7
cpe:2.3:o:cisco:ios:12.4\(22\)xr7:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)xr8
cpe:2.3:o:cisco:ios:12.4\(22\)xr8:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)xr9
cpe:2.3:o:cisco:ios:12.4\(22\)xr9:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>ios>>12.4\(22\)xr10
cpe:2.3:o:cisco:ios:12.4\(22\)xr10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-436Primarynvd@nist.gov
CWE-371Secondaryykramarz@cisco.com
CWE ID: CWE-436
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-371
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2Aykramarz@cisco.com
Patch
Vendor Advisory
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A
Source: ykramarz@cisco.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

114Records found
CVE-2021-1478
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 46.90%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:41
Updated-08 Nov, 2024 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Unified Communications Manager Denial of Service Vulnerability

A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A successful exploit could allow the attacker to cause a DoS condition on an affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-unified_communications_managerhosted_collaboration_mediation_fulfillmentCisco Unified Communications Manager
CWE ID-CWE-284
Improper Access Control
CVE-2021-1422
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.43% / 61.56%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 12:25
Updated-07 Nov, 2024 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of decryption errors. An attacker could exploit this vulnerability by sending malicious packets over an established IPsec connection. A successful exploit could cause the device to crash, forcing it to reload. Important: Successful exploitation of this vulnerability would not cause a compromise of any encrypted data. Note: This vulnerability affects only Cisco ASA Software Release 9.16.1 and Cisco FTD Software Release 7.0.0.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_2140firepower_2120ftd_virtualadaptive_security_appliance_softwarefirepower_2130firepower_2100firepower_2110firepower_threat_defenseadaptive_security_virtual_applianceCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-617
Reachable Assertion
CVE-2021-1266
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.52%
||
7 Day CHG~0.00%
Published-04 Feb, 2021 | 16:35
Updated-08 Nov, 2024 | 23:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Managed Services Accelerator Denial of Service Vulnerability

A vulnerability in the REST API of Cisco Managed Services Accelerator (MSX) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could exploit this vulnerability by sending a flood of crafted API requests to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-managed_services_acceleratorCisco Managed Services Accelerator
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-3310
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.42% / 61.27%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 16:40
Updated-15 Nov, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Device Manager On-Box Software XML Parsing Vulnerability

A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could exploit this vulnerability in multiple ways using a malicious file: An attacker with administrative privileges could upload a malicious XML file on the system and cause the XML code to parse the malicious file. An attacker with Clientless Secure Sockets Layer (SSL) VPN access could exploit this vulnerability by sending a crafted XML file. A successful exploit would allow the attacker to crash the XML parser process, which could cause system instability, memory exhaustion, and in some cases lead to a reload of the affected system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_device_manager_on-boxCisco Firepower Threat Defense Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-0282
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.36% / 57.40%
||
7 Day CHG~0.00%
Published-10 Jan, 2019 | 00:00
Updated-21 Nov, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability

A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ie_2000-4ts-gcatalyst_2960cg-8tc-lembedded_service_2020_24tc_con_bcatalyst_3560cpd-8pt-sie_2000-4tcatalyst_2960s-48fps-lcatalyst_3560cg-8tc-sie_2000-16tc-gcatalyst_2960c-8tc-lcatalyst_3750x-48t-lcatalyst_3750x-24p-scatalyst_2960x-24td-lcatalyst_2960x-48fpd-lcatalyst_2960x-24ts-llcatalyst_2960-plus_48pst-lie_3000-8tccatalyst_3750x-24p-ecatalyst_2960x-24pd-lcatalyst_3750x-12s-scatalyst_2960cpd-8tt-lcatalyst_2960-plus_24pc-scatalyst_3560x-48t-scatalyst_3560x-48p-eie_2000-16ptc-gcatalyst_2960xr-24td-icatalyst_3560c-8pc-scatalyst_3560x-48p-lcatalyst_3750x-48t-sembedded_service_2020_24tc_ncpcatalyst_2960-plus_48pst-sie_2000-8tc-gcatalyst_2960s-48lpd-lie_2000-4tscatalyst_3750x-48u-ecatalyst_3560x-24p-lcatalyst_2960s-f48ts-scatalyst_3560x-48pf-lcatalyst_3750x-48u-scatalyst_3750x-24s-eembedded_service_2020_ncp_bcatalyst_2960x-24ps-lcatalyst_4500_supervisor_engine_6-ecatalyst_2960s-24ts-lcatalyst_2960x-48ts-lcatalyst_2960s-f48fps-lie_2000-16tc-g-ecatalyst_4500_supervisor_engine_6l-ecatalyst_3560x-48t-ecatalyst_2960-plus_24tc-lcatalyst_3750x-24t-lcatalyst_3750x-12s-eembedded_service_2020_concatalyst_3560x-24u-ecatalyst_3560x-48u-eembedded_service_2020_24tc_concatalyst_2960s-48ts-lcatalyst_2960x-48lps-lcatalyst_2960x-48td-lie_2000-16tccatalyst_3560x-48u-scatalyst_3750x-24u-scatalyst_2960xr-48td-iembedded_service_2020_con_bcatalyst_2960xr-24ps-icatalyst_2960x-48ts-llcatalyst_2960s-f24ps-lcatalyst_2960s-f48lps-lcatalyst_2960xr-24pd-icatalyst_2960cpd-8pt-lcatalyst_2960-plus_24pc-lcatalyst_2960s-f24ts-lcatalyst_3560x-48pf-scatalyst_2960s-f24ts-scatalyst_2960c-8tc-sie-3010-24tccatalyst_2960-plus_24lc-lcatalyst_3750x-48p-sie_2000-8tcie_2000-8tc-g-ecatalyst_2960-plus_48tc-lcatalyst_3750x-48pf-scatalyst_3560x-24t-lie_2000-4t-gcatalyst_3560x-24p-ecatalyst_2960x-48lpd-lcatalyst_3750x-24p-lie_3000-4tcie_2000-8tc-g-ncatalyst_3560cg-8pc-scatalyst_3560x-48t-lcatalyst_3560x-48u-lcatalyst_3750x-24s-sie_2000-16tc-g-xcatalyst_3560x-24u-lcatalyst_2960s-48fpd-lcatalyst_2960s-48ts-ssm-x_layer_2\/3_etherswitch_service_modulecatalyst_2960s-24td-lcatalyst_3560x-48p-scatalyst_2960-plus_24lc-scatalyst_3750x-48p-lcatalyst_2960s-48td-lie_2000-24t67catalyst_2960xr-24ts-icatalyst_3750x-24u-lcatalyst_2960xr-48lps-icatalyst_2960x-24psq-lcatalyst_2960xr-48ts-icatalyst_3560x-24t-ecatalyst_4948ecatalyst_2960-plus_24tc-scatalyst_4948e-fcatalyst_2960s-24ps-lcatalyst_2960s-f48ts-lcatalyst_3560x-24p-scatalyst_2960xr-48fps-iie-3010-16s-8pccatalyst_2960c-8pc-lcatalyst_2960-plus_48tc-scatalyst_4900mie_2000-16t67embedded_service_2020_ncpcatalyst_3750x-48u-lioscatalyst_2960xr-48fpd-icatalyst_3560x-48pf-eie_2000-4s-ts-gcatalyst_2960s-24pd-lcatalyst_3750x-48t-eie_2000-16t67pie_2000-8t67pcatalyst_3750x-48p-ecatalyst_3560x-24t-scatalyst_3750x-24t-scatalyst_3750x-48pf-ecatalyst_2960xr-48lpd-iie_2000-16tc-g-ncatalyst_3560c-12pc-scatalyst_3560x-24u-sios_xecatalyst_2960c-12pc-lcatalyst_3750x-24t-ecatalyst_3750x-24u-ecatalyst_3750x-48pf-lcatalyst_2960x-24ts-lie_2000-8t67catalyst_2960s-48lps-lcatalyst_2960x-48fps-lembedded_service_2020_24tc_ncp_bCisco IOS
CWE ID-CWE-371
Not Available
CVE-2020-3422
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.23% / 78.33%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 18:01
Updated-13 Nov, 2024 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software IP Service Level Agreements Denial of Service Vulnerability

A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing port, resulting in a denial of service (DoS) condition. The vulnerability exists because the IP SLA responder could consume a port that could be used by another feature. An attacker could exploit this vulnerability by sending specific IP SLA control packets to the IP SLA responder on an affected device. The control packets must include the port number that could be used by another configured feature. A successful exploit could allow the attacker to cause an in-use port to be consumed by the IP SLA responder, impacting the feature that was using the port and resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-1111x_integrated_services_routercatalyst_3850catalyst_3650asr_1013catalyst_9200catalyst_98004431_integrated_services_router1160_integrated_services_routercatalyst_9600catalyst_9500asr_1002-hxcsr_1000v1100_integrated_services_routerios_xe4221_integrated_services_router4331_integrated_services_routerasr_10064461_integrated_services_routercatalyst_9300asr_1001-xasr_10041109_integrated_services_router1101_integrated_services_routercatalyst_9400asr_1001-hx111x_integrated_services_routerasr_1002-x1120_integrated_services_routerasr_1009-xasr_1006-xCisco IOS XE Software
CWE ID-CWE-371
Not Available
CVE-2020-3574
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.50%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 18:16
Updated-13 Nov, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability

A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-webex_room_phoneip_phone_8841_firmwareip_dect_6825_firmwareip_phone_8841ip_dect_210ip_phone_8861unified_ip_conference_phone_8831_firmwareip_phone_8811ip_dect_6825ip_phone_8811_firmwareip_phone_8851ip_dect_210_firmwareip_phone_8861_firmwarewebex_room_phone_firmwareunified_ip_conference_phone_8831ip_phone_8851_firmwareCisco IP Phones with Multiplatform Firmware
CWE ID-CWE-371
Not Available
CVE-2022-20915
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.08% / 24.59%
||
7 Day CHG~0.00%
Published-10 Oct, 2022 | 20:43
Updated-01 Nov, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software IPv6 VPN over MPLS Denial of Service Vulnerability

A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling of an IPv6 packet that is forwarded from an MPLS and ZBFW-enabled interface in a 6VPE deployment. An attacker could exploit this vulnerability by sending a crafted IPv6 packet sourced from a device on the IPv6-enabled virtual routing and forwarding (VRF) interface through the affected device. A successful exploit could allow the attacker to reload the device, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software
CWE ID-CWE-115
Misinterpretation of Input
CWE ID-CWE-436
Interpretation Conflict
CVE-2020-3564
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.25% / 48.46%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 18:40
Updated-13 Nov, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Bypass Vulnerability

A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and successfully complete FTP connections.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-adaptive_security_appliancefirepower_threat_defenseadaptive_security_appliance_softwareCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-436
Interpretation Conflict
CVE-2019-1977
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.95% / 75.39%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 21:50
Updated-21 Nov, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus 9000 Series Fabric Switches ACI Mode Border Leaf Endpoint Learning Vulnerability

A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. The vulnerability is due to improper endpoint learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on a border leaf when Disable Remote Endpoint Learning has been enabled. This can result in a Remote (XR) entry being created for the impacted endpoint that will become stale if the endpoint migrates to a different port or leaf switch. This results in traffic not reaching the impacted endpoint until the Remote entry can be relearned by another mechanism.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9348gc-fxpnexus_9332pqnexus_93108tc-exnexus_9396pxnx-osnexus_9372pxnexus_9508nexus_93120txnexus_93128txnexus_93180yc-fxnexus_9000nexus_9372txnexus_9504nexus_9372tx-enexus_93108tc-fxnexus_93180yc-exnexus_9372px-enexus_9396txnexus_9336pqnexus_9516nexus_9364cnexus_9336c-fx2Cisco Nexus 9000 Series Fabric Switches in ACI
CWE ID-CWE-371
Not Available
CVE-2024-20455
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.48% / 64.14%
||
7 Day CHG+0.12%
Published-25 Sep, 2024 | 16:18
Updated-24 Oct, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because UTD improperly handles certain packets as those packets egress an SD-WAN IPsec tunnel. An attacker could exploit this vulnerability by sending crafted traffic through an SD-WAN IPsec tunnel that is configured on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: SD-WAN tunnels that are configured with Generic Routing Encapsulation (GRE) are not affected by this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeios_xe_sd-wanCisco IOS XE SoftwareCisco IOS XE Catalyst SD-WANios_xeios_xe_catalyst_sd-wan
CWE ID-CWE-371
Not Available
CVE-2024-20293
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.09% / 26.33%
||
7 Day CHG~0.00%
Published-22 May, 2024 | 16:55
Updated-30 Jul, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to a logic error that occurs when an ACL changes from inactive to active in the running configuration of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. The reverse condition is also true—traffic that should be permitted could be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting. Note: This vulnerability applies to both IPv4 and IPv6 traffic as well as dual-stack ACL configurations in which both IPv4 and IPv6 ACLs are configured on an interface.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_threat_defenseadaptive_security_appliance_softwareCisco Firepower Threat Defense SoftwareCisco Adaptive Security Appliance (ASA) Softwarefirepower_management_centeradaptive_security_appliance
CWE ID-CWE-436
Interpretation Conflict
CVE-2021-1587
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.35% / 56.61%
||
7 Day CHG~0.00%
Published-25 Aug, 2021 | 19:11
Updated-07 Nov, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability

A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific packets with a Transparent Interconnection of Lots of Links (TRILL) OAM EtherType. An attacker could exploit this vulnerability by sending crafted packets, including the TRILL OAM EtherType of 0x8902, to a device that is part of a VXLAN Ethernet VPN (EVPN) fabric. A successful exploit could allow the attacker to cause an affected device to experience high CPU usage and consume excessive system resources, which may result in overall control plane instability and cause the affected device to reload. Note: The NGOAM feature is disabled by default.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_9332pqnexus_3548-x\/xlnexus_93108tc-exnx-osnexus_3636c-rnexus_9364c-gxnexus_9372pxnexus_9508nexus_93108tc-fx-24nexus_92304qcnexus_93120txnexus_92160yc-xnexus_93128txnexus_9316d-gxnexus_93108tc-ex-24nexus_3524-x\/xlnexus_3048nexus_9372tx-enexus_93108tc-fx3pnexus_93108tc-fxnexus_93360yc-fx2nexus_9396txnexus_31128pqnexus_3132q-vnexus_93180yc-fx3snexus_9332cnexus_3164qnexus_92300ycnexus_92348gc-xnexus_9336c-fx2nexus_9364cnexus_3132c-znexus_3172pq\/pq-xlnexus_31108tc-vnexus_3232cnexus_9348gc-fxpnexus_9272qnexus_93180yc-fx-24nexus_9336c-fx2-enexus_9396pxnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_3264c-enexus_93240yc-fx2nexus_3132q-x\/3132q-xlnexus_93180yc-fxnexus_9372txnexus_3264qnexus_3432d-snexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_34180ycnexus_9000vnexus_93600cd-gxnexus_9372px-enexus_3000nexus_31108pc-vnexus_9236cnexus_93180yc-fx3nexus_93180yc-ex-24Cisco NX-OS Software
CWE ID-CWE-115
Misinterpretation of Input
CWE ID-CWE-436
Interpretation Conflict
CVE-2020-3385
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.05% / 15.93%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 17:22
Updated-15 Nov, 2024 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vEdge Routers Denial of Service Vulnerability

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted packets through an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-vedge_cloud_routersd-wan_firmwarevedge_5000Cisco SD-WAN vEdge router
CWE ID-CWE-371
Not Available
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found