BDU:2020-02757

Published: 03 Jun 2020
Source: fstec
CVSS3: 7.7
CVSS2: 6.3
EPSS: Low

Description

A vulnerability in the Simple Network Management Protocol packet handler of the Cisco IOS and IOS XE operating systems is related to unauthorized access to an indexable resource. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

Vendor

Cisco Systems Inc.
Oracle Corp.

Software name

Cisco IOS
Cisco IOS XE
Management Pack for Oracle GoldenGate

Software version

15.2(4)E (Cisco IOS)
15.0(2)SG5 (Cisco IOS)
15.1(2)SG3 (Cisco IOS)
3.4.7aSG (Cisco IOS XE)
3.6.5bE (Cisco IOS XE)
3.7.0e (Cisco IOS XE)
3.7.1e (Cisco IOS XE)
3.7.2e (Cisco IOS XE)
3.7.3e (Cisco IOS XE)
15.2(2)E5b (Cisco IOS)
15.0(1)EY (Cisco IOS)
15.0(1)EY2 (Cisco IOS)
15.1(1)SG (Cisco IOS)
15.1(2)SG (Cisco IOS)
15.1(1)SG1 (Cisco IOS)
15.1(1)SG2 (Cisco IOS)
15.1(2)SG1 (Cisco IOS)
15.1(2)SG2 (Cisco IOS)
15.1(2)SG4 (Cisco IOS)
15.1(2)SG5 (Cisco IOS)
15.1(2)SG6 (Cisco IOS)
15.1(2)SG7 (Cisco IOS)
15.1(2)SG8 (Cisco IOS)
15.2(1)E (Cisco IOS)
15.2(2)E (Cisco IOS)
15.2(1)E1 (Cisco IOS)
15.2(3)E (Cisco IOS)
15.2(1)E3 (Cisco IOS)
15.2(2)E1 (Cisco IOS)
15.2(3)E1 (Cisco IOS)
15.2(2)E2 (Cisco IOS)
15.2(2)E3 (Cisco IOS)
15.2(3)E2 (Cisco IOS)
15.2(3)E3 (Cisco IOS)
15.2(4)E1 (Cisco IOS)
15.2(2)E4 (Cisco IOS)
15.2(2)E5 (Cisco IOS)
15.2(4)E2 (Cisco IOS)
15.2(3)E4 (Cisco IOS)
15.2(4)E3 (Cisco IOS)
15.2(2)E6 (Cisco IOS)
15.2(2)E5a (Cisco IOS)
15.2(3)E5 (Cisco IOS)
15.2(4)E4 (Cisco IOS)
15.2(2)E7 (Cisco IOS)
15.2(4)E5 (Cisco IOS)
15.2(2)E7b (Cisco IOS)
15.2(4)E5a (Cisco IOS)
15.0(2)EX2 (Cisco IOS)
15.0(2)EX8 (Cisco IOS)
15.2(2b)E (Cisco IOS)
3.3.0XO (Cisco IOS XE)
3.3.1XO (Cisco IOS XE)
3.3.2XO (Cisco IOS XE)
3.4.0SG (Cisco IOS XE)
3.4.2SG (Cisco IOS XE)
3.4.1SG (Cisco IOS XE)
3.4.3SG (Cisco IOS XE)
3.4.4SG (Cisco IOS XE)
3.4.5SG (Cisco IOS XE)
3.4.6SG (Cisco IOS XE)
3.4.8SG (Cisco IOS XE)
3.5.0E (Cisco IOS XE)
3.5.1E (Cisco IOS XE)
3.5.2E (Cisco IOS XE)
3.5.3E (Cisco IOS XE)
3.6.0E (Cisco IOS XE)
3.6.1E (Cisco IOS XE)
3.6.0bE (Cisco IOS XE)
3.6.3E (Cisco IOS XE)
3.6.4E (Cisco IOS XE)
3.6.5E (Cisco IOS XE)
3.6.6E (Cisco IOS XE)
3.6.5aE (Cisco IOS XE)
3.6.7E (Cisco IOS XE)
3.8.0E (Cisco IOS XE)
3.8.1E (Cisco IOS XE)
3.8.2E (Cisco IOS XE)
3.8.3E (Cisco IOS XE)
3.8.4E (Cisco IOS XE)
3.8.5E (Cisco IOS XE)
3.8.5aE (Cisco IOS XE)
3.9.0E (Cisco IOS XE)
3.9.1E (Cisco IOS XE)
3.9.2E (Cisco IOS XE)
3.9.2bE (Cisco IOS XE)
3.10.0E (Cisco IOS XE)
3.10.0cE (Cisco IOS XE)
3.2.1SG (Cisco IOS XE)
3.2.2SG (Cisco IOS XE)
3.2.3SG (Cisco IOS XE)
3.2.4SG (Cisco IOS XE)
3.2.5SG (Cisco IOS XE)
3.2.6SG (Cisco IOS XE)
3.2.7SG (Cisco IOS XE)
3.2.8SG (Cisco IOS XE)
3.2.9SG (Cisco IOS XE)
3.2.10SG (Cisco IOS XE)
3.2.11SG (Cisco IOS XE)
3.3.0SG (Cisco IOS XE)
3.3.2SG (Cisco IOS XE)
3.3.1SG (Cisco IOS XE)
3.6.10E (Cisco IOS XE)
3.2.0SG (Cisco IOS XE)
3.8.6E (Cisco IOS XE)
3.8.7E (Cisco IOS XE)
3.10.1E (Cisco IOS XE)
3.10.1aE (Cisco IOS XE)
3.10.1sE (Cisco IOS XE)
12.2(53)SG1 (Cisco IOS)
12.2(53)SG2 (Cisco IOS)
12.2(53)SG3 (Cisco IOS)
12.2(54)SG1 (Cisco IOS)
12.2(52)SG (Cisco IOS)
12.2(54)SG (Cisco IOS)
12.2(53)SG4 (Cisco IOS)
12.2(53)SG5 (Cisco IOS)
12.2(53)SG6 (Cisco IOS)
12.2(53)SG7 (Cisco IOS)
12.2(53)SG8 (Cisco IOS)
12.2(53)SG9 (Cisco IOS)
12.2(53)SG10 (Cisco IOS)
12.2(53)SG11 (Cisco IOS)
15.0(1)XO1 (Cisco IOS)
15.0(1)XO (Cisco IOS)
15.0(2)XO (Cisco IOS)
12.2(54)WO (Cisco IOS)
15.0(2)SG (Cisco IOS)
15.0(2)SG1 (Cisco IOS)
15.0(2)SG2 (Cisco IOS)
15.0(2)SG3 (Cisco IOS)
15.0(2)SG4 (Cisco IOS)
15.0(2)SG6 (Cisco IOS)
15.0(2)SG7 (Cisco IOS)
15.0(2)SG8 (Cisco IOS)
15.0(2)SG9 (Cisco IOS)
15.0(2)SG10 (Cisco IOS)
15.0(2)SG11 (Cisco IOS)
15.2(2)E8 (Cisco IOS)
15.2(4)E6 (Cisco IOS)
15.2(2)E9 (Cisco IOS)
15.2(4)E7 (Cisco IOS)
15.2(2)E10 (Cisco IOS)
15.2(2)E9a (Cisco IOS)
3.6.8E (Cisco IOS XE)
3.6.9aE (Cisco IOS XE)
3.10.2E (Cisco IOS XE)
15.3(3)JPJ (Cisco IOS)
15.2(4)E8 (Cisco IOS)
3.8.8E (Cisco IOS XE)
12.2.1.2.0 (Management Pack for Oracle GoldenGate)

Software type

Operating system
Application software for information systems

Operating systems and hardware platforms

Cisco Systems Inc. Cisco IOS 15.2(4)E
Cisco Systems Inc. Cisco IOS 15.0(2)SG5
Cisco Systems Inc. Cisco IOS 15.1(2)SG3
Cisco Systems Inc. Cisco IOS XE 3.4.7aSG
Cisco Systems Inc. Cisco IOS XE 3.6.5bE
Cisco Systems Inc. Cisco IOS XE 3.7.0e
Cisco Systems Inc. Cisco IOS XE 3.7.1e
Cisco Systems Inc. Cisco IOS XE 3.7.2e
Cisco Systems Inc. Cisco IOS XE 3.7.3e
Cisco Systems Inc. Cisco IOS 15.2(2)E5b
Cisco Systems Inc. Cisco IOS 15.0(1)EY
Cisco Systems Inc. Cisco IOS 15.0(1)EY2
Cisco Systems Inc. Cisco IOS 15.1(1)SG
Cisco Systems Inc. Cisco IOS 15.1(2)SG
Cisco Systems Inc. Cisco IOS 15.1(1)SG1
Cisco Systems Inc. Cisco IOS 15.1(1)SG2
Cisco Systems Inc. Cisco IOS 15.1(2)SG1
Cisco Systems Inc. Cisco IOS 15.1(2)SG2
Cisco Systems Inc. Cisco IOS 15.1(2)SG4
Cisco Systems Inc. Cisco IOS 15.1(2)SG5
Cisco Systems Inc. Cisco IOS 15.1(2)SG6
Cisco Systems Inc. Cisco IOS 15.1(2)SG7
Cisco Systems Inc. Cisco IOS 15.1(2)SG8
Cisco Systems Inc. Cisco IOS 15.2(1)E
Cisco Systems Inc. Cisco IOS 15.2(2)E
Cisco Systems Inc. Cisco IOS 15.2(1)E1
Cisco Systems Inc. Cisco IOS 15.2(3)E
Cisco Systems Inc. Cisco IOS 15.2(1)E3
Cisco Systems Inc. Cisco IOS 15.2(2)E1
Cisco Systems Inc. Cisco IOS 15.2(3)E1
Cisco Systems Inc. Cisco IOS 15.2(2)E2
Cisco Systems Inc. Cisco IOS 15.2(2)E3
Cisco Systems Inc. Cisco IOS 15.2(3)E2
Cisco Systems Inc. Cisco IOS 15.2(3)E3
Cisco Systems Inc. Cisco IOS 15.2(4)E1
Cisco Systems Inc. Cisco IOS 15.2(2)E4
Cisco Systems Inc. Cisco IOS 15.2(2)E5
Cisco Systems Inc. Cisco IOS 15.2(4)E2
Cisco Systems Inc. Cisco IOS 15.2(3)E4
Cisco Systems Inc. Cisco IOS 15.2(4)E3
Cisco Systems Inc. Cisco IOS 15.2(2)E6
Cisco Systems Inc. Cisco IOS 15.2(2)E5a
Cisco Systems Inc. Cisco IOS 15.2(3)E5
Cisco Systems Inc. Cisco IOS 15.2(4)E4
Cisco Systems Inc. Cisco IOS 15.2(2)E7
Cisco Systems Inc. Cisco IOS 15.2(4)E5
Cisco Systems Inc. Cisco IOS 15.2(2)E7b
Cisco Systems Inc. Cisco IOS 15.2(4)E5a
Cisco Systems Inc. Cisco IOS 15.0(2)EX2
Cisco Systems Inc. Cisco IOS 15.0(2)EX8
Cisco Systems Inc. Cisco IOS 15.2(2b)E
Cisco Systems Inc. Cisco IOS XE 3.3.0XO
Cisco Systems Inc. Cisco IOS XE 3.3.1XO
Cisco Systems Inc. Cisco IOS XE 3.3.2XO
Cisco Systems Inc. Cisco IOS XE 3.4.0SG
Cisco Systems Inc. Cisco IOS XE 3.4.2SG
Cisco Systems Inc. Cisco IOS XE 3.4.1SG
Cisco Systems Inc. Cisco IOS XE 3.4.3SG
Cisco Systems Inc. Cisco IOS XE 3.4.4SG
Cisco Systems Inc. Cisco IOS XE 3.4.5SG
Cisco Systems Inc. Cisco IOS XE 3.4.6SG
Cisco Systems Inc. Cisco IOS XE 3.4.8SG
Cisco Systems Inc. Cisco IOS XE 3.5.0E
Cisco Systems Inc. Cisco IOS XE 3.5.1E
Cisco Systems Inc. Cisco IOS XE 3.5.2E
Cisco Systems Inc. Cisco IOS XE 3.5.3E
Cisco Systems Inc. Cisco IOS XE 3.6.0E
Cisco Systems Inc. Cisco IOS XE 3.6.1E
Cisco Systems Inc. Cisco IOS XE 3.6.0bE
Cisco Systems Inc. Cisco IOS XE 3.6.3E
Cisco Systems Inc. Cisco IOS XE 3.6.4E
Cisco Systems Inc. Cisco IOS XE 3.6.5E
Cisco Systems Inc. Cisco IOS XE 3.6.6E
Cisco Systems Inc. Cisco IOS XE 3.6.5aE
Cisco Systems Inc. Cisco IOS XE 3.6.7E
Cisco Systems Inc. Cisco IOS XE 3.8.0E
Cisco Systems Inc. Cisco IOS XE 3.8.1E
Cisco Systems Inc. Cisco IOS XE 3.8.2E
Cisco Systems Inc. Cisco IOS XE 3.8.3E
Cisco Systems Inc. Cisco IOS XE 3.8.4E
Cisco Systems Inc. Cisco IOS XE 3.8.5E
Cisco Systems Inc. Cisco IOS XE 3.8.5aE
Cisco Systems Inc. Cisco IOS XE 3.9.0E
Cisco Systems Inc. Cisco IOS XE 3.9.1E
Cisco Systems Inc. Cisco IOS XE 3.9.2E
Cisco Systems Inc. Cisco IOS XE 3.9.2bE
Cisco Systems Inc. Cisco IOS XE 3.10.0E
Cisco Systems Inc. Cisco IOS XE 3.10.0cE
Cisco Systems Inc. Cisco IOS XE 3.2.1SG
Cisco Systems Inc. Cisco IOS XE 3.2.2SG
Cisco Systems Inc. Cisco IOS XE 3.2.3SG
Cisco Systems Inc. Cisco IOS XE 3.2.4SG
Cisco Systems Inc. Cisco IOS XE 3.2.5SG
Cisco Systems Inc. Cisco IOS XE 3.2.6SG
Cisco Systems Inc. Cisco IOS XE 3.2.7SG
Cisco Systems Inc. Cisco IOS XE 3.2.8SG
Cisco Systems Inc. Cisco IOS XE 3.2.9SG
Cisco Systems Inc. Cisco IOS XE 3.2.10SG
Cisco Systems Inc. Cisco IOS XE 3.2.11SG
Cisco Systems Inc. Cisco IOS XE 3.3.0SG
Cisco Systems Inc. Cisco IOS XE 3.3.2SG
Cisco Systems Inc. Cisco IOS XE 3.3.1SG
Cisco Systems Inc. Cisco IOS XE 3.6.10E
Cisco Systems Inc. Cisco IOS XE 3.2.0SG
Cisco Systems Inc. Cisco IOS XE 3.8.6E
Cisco Systems Inc. Cisco IOS XE 3.8.7E
Cisco Systems Inc. Cisco IOS XE 3.10.1E
Cisco Systems Inc. Cisco IOS XE 3.10.1aE
Cisco Systems Inc. Cisco IOS XE 3.10.1sE
Cisco Systems Inc. Cisco IOS 12.2(53)SG1
Cisco Systems Inc. Cisco IOS 12.2(53)SG2
Cisco Systems Inc. Cisco IOS 12.2(53)SG3
Cisco Systems Inc. Cisco IOS 12.2(54)SG1
Cisco Systems Inc. Cisco IOS 12.2(52)SG
Cisco Systems Inc. Cisco IOS 12.2(54)SG
Cisco Systems Inc. Cisco IOS 12.2(53)SG4
Cisco Systems Inc. Cisco IOS 12.2(53)SG5
Cisco Systems Inc. Cisco IOS 12.2(53)SG6
Cisco Systems Inc. Cisco IOS 12.2(53)SG7
Cisco Systems Inc. Cisco IOS 12.2(53)SG8
Cisco Systems Inc. Cisco IOS 12.2(53)SG9
Cisco Systems Inc. Cisco IOS 12.2(53)SG10
Cisco Systems Inc. Cisco IOS 12.2(53)SG11
Cisco Systems Inc. Cisco IOS 15.0(1)XO1
Cisco Systems Inc. Cisco IOS 15.0(1)XO
Cisco Systems Inc. Cisco IOS 15.0(2)XO
Cisco Systems Inc. Cisco IOS 12.2(54)WO
Cisco Systems Inc. Cisco IOS 15.0(2)SG
Cisco Systems Inc. Cisco IOS 15.0(2)SG1
Cisco Systems Inc. Cisco IOS 15.0(2)SG2
Cisco Systems Inc. Cisco IOS 15.0(2)SG3
Cisco Systems Inc. Cisco IOS 15.0(2)SG4
Cisco Systems Inc. Cisco IOS 15.0(2)SG6
Cisco Systems Inc. Cisco IOS 15.0(2)SG7
Cisco Systems Inc. Cisco IOS 15.0(2)SG8
Cisco Systems Inc. Cisco IOS 15.0(2)SG9
Cisco Systems Inc. Cisco IOS 15.0(2)SG10
Cisco Systems Inc. Cisco IOS 15.0(2)SG11
Cisco Systems Inc. Cisco IOS 15.2(2)E8
Cisco Systems Inc. Cisco IOS 15.2(4)E6
Cisco Systems Inc. Cisco IOS 15.2(2)E9
Cisco Systems Inc. Cisco IOS 15.2(4)E7
Cisco Systems Inc. Cisco IOS 15.2(2)E10
Cisco Systems Inc. Cisco IOS 15.2(2)E9a
Cisco Systems Inc. Cisco IOS XE 3.6.8E
Cisco Systems Inc. Cisco IOS XE 3.6.9aE
Cisco Systems Inc. Cisco IOS XE 3.10.2E
Cisco Systems Inc. Cisco IOS 15.3(3)JPJ
Cisco Systems Inc. Cisco IOS 15.2(4)E8
Cisco Systems Inc. Cisco IOS XE 3.8.8E

Vulnerability severity level

Medium severity (CVSS 2.0 base score is 6.3)
High severity (CVSS 3.0 base score is 7.4)

Possible remediation measures

Follow the recommendations:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-USxSyTk5
For Oracle Corp. software products:
https://www.oracle.com/security-alerts/cpuoct2020.html

Vulnerability status

Confirmed by the vendor

Exploit availability

Data is being clarified

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS

Percentile: 52%
0.00287
Low

7.7 High

CVSS3

6.3 Medium

CVSS2

Related vulnerabilities

CVSS3: 7.7
nvd
more than 5 years ago

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability by using SNMPv3, the attacker must know the user credentials for the affected system.

CVSS3: 7.7
github
more than 3 years ago

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability by using SNMPv3, the attacker must know the user credentials for the affected system.
