Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-3426

Опубликовано: 24 сент. 2020
Источник: nvd
CVSS3: 7.5
CVSS3: 9.1
CVSS2: 6.4
EPSS Низкий

Описание

A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cisco:ios:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:1120_connected_grid_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1240_connected_grid_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:807_industrial_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:809_industrial_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:829_industrial_integrated_services_router:-:*:*:*:*:*:*:*

EPSS

Процентиль: 66%
0.00525
Низкий

7.5 High

CVSS3

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-264
CWE-20

Связанные уязвимости

github логотип

GHSA-g97r-rvqc-x2fm

github
больше 3 лет назад

A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition.

fstec логотип

BDU:2020-04585

CVSS3: 9.1
fstec
больше 5 лет назад

Уязвимость реализации беспроводной технология передачи данных Low-power Wide-area Network (LPWAN) операционной системы Cisco IOS маршрутизаторов Cisco 800 Series Industrial Integrated Services Routers, Cisco 1000 Series Connected Grid Routers, позволяющая нарушителю получить несанкционированный доступ к защищаемой иниформации или вызвать отказ в обслуживании

EPSS

Процентиль: 66%
0.00525
Низкий

7.5 High

CVSS3

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-264
CWE-20