Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-3353

Опубликовано: 03 июн. 2020
Источник: nvd
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. An attacker could exploit this vulnerability by sending a high rate of syslog messages to an affected device. A successful exploit could allow the attacker to cause the Application Server process to crash, resulting in a DoS condition.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch10:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch11:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch12:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch7:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch8:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch9:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.3.0.298:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.3.0.298:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.3.0.298:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.3.0.298:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.3.0.298:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.3.0.298:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.4.0.357:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.4.0.357:patch1:*:*:*:*:*:*

EPSS

Процентиль: 59%
0.00377
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-362
CWE-362

Связанные уязвимости

github логотип

GHSA-vrjw-2w56-8m6q

CVSS3: 5.9
github
больше 3 лет назад

A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. An attacker could exploit this vulnerability by sending a high rate of syslog messages to an affected device. A successful exploit could allow the attacker to cause the Application Server process to crash, resulting in a DoS condition.

fstec логотип

BDU:2020-03034

CVSS3: 5.9
fstec
больше 5 лет назад

Уязвимость механизма обработки системного журнала платформы управления политиками соединений Cisco Identity Services Engine (ISE), позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 59%
0.00377
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-362
CWE-362