ID

VAR-202001-1199


CVE

CVE-2020-3147


TITLE

Cisco Small Business Switch Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-001525

DESCRIPTION

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This vulnerability affects firmware releases prior to 1.3.7.18.

Trust: 2.16

sources: NVD: CVE-2020-3147 // JVNDB: JVNDB-2020-001525 // CNVD: CNVD-2020-04819

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-04819

AFFECTED PRODUCTS

vendor: cisco model: sg300-10sfp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg500x-24 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf500-24p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf300-24pp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg300-10mp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg300-52p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf500-48 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg500-52p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf300-48pp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg500x-24p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf300-24p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg300-28pp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf300-48 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf300-24 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg300-28 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg500-28p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg200-24p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg500-28mpp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg300-52 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg500-28 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg200-26 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg200-24fp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg300-52mp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf302-08pp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg500x-48p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg200-50 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg300-10 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg200-18 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg200-10fp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg500xg-8f8t scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg200-08p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg200-08 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg300-20 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg200-24 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg500x-48 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg200-48p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg300-10p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf302-08p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg500-52 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf300-48p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf300-08 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf300-24mp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg200-50fp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg200-26fp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf500-48p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf302-08 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg200-26p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg200-48 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg300-28mp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg500-52mp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf302-08mpp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg300-10mpp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg200-50p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg300-10pp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sg300-28p scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf302-08mp scope: lt version: 1.3.7.18

Trust: 1.0

vendor: cisco model: sf500-24 scope: lt version: 1.3.7.18

Trust: 1.0

vendor: シスコシステムズ model: cisco sg200-08p scope: - version: -

Trust: 0.8

vendor: シスコシステムズ model: cisco sg200-08 scope: - version: -

Trust: 0.8

vendor: シスコシステムズ model: cisco sg200-10fp scope: - version: -

Trust: 0.8

vendor: シスコシステムズ model: cisco sg200-18 scope: - version: -

Trust: 0.8

vendor: シスコシステムズ model: cisco sg200-26fp scope: - version: -

Trust: 0.8

vendor: シスコシステムズ model: cisco sg200-26p scope: - version: -

Trust: 0.8

vendor: シスコシステムズ model: cisco sg200-26 scope: - version: -

Trust: 0.8

vendor: シスコシステムズ model: cisco sg200-50fp scope: - version: -

Trust: 0.8

vendor: シスコシステムズ model: cisco sg200-50p scope: - version: -

Trust: 0.8

vendor: シスコシステムズ model: cisco sg200-50 scope: - version: -

Trust: 0.8

vendor: cisco model: small business switches scope: lt version: 1.3.7.18

Trust: 0.6

sources: CNVD: CNVD-2020-04819 // JVNDB: JVNDB-2020-001525 // NVD: CVE-2020-3147

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-3147
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3147
value: HIGH

Trust: 1.0

NVD: CVE-2020-3147
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-04819
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-1345
value: HIGH

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2020-3147
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-04819
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2020-3147
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3147
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2020-3147
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-04819 // JVNDB: JVNDB-2020-001525 // CNNVD: CNNVD-202001-1345 // NVD: CVE-2020-3147 // NVD: CVE-2020-3147

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.0

problemtype: Improper Input Validation (CWE-20) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-001525 // NVD: CVE-2020-3147

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-1345

PATCH

title: cisco-sa-smlbus-switch-dos-R6VquS2u url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smlbus-switch-dos-R6VquS2u

Trust: 0.8

title: Patch for Cisco Small Business Switches web UI denial of service vulnerability url: https://www.cnvd.org.cn/patchInfo/show/200969

Trust: 0.6

title: Fix for Cisco Small Business Switches input validation error vulnerability url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109804

Trust: 0.6

sources: CNVD: CNVD-2020-04819 // JVNDB: JVNDB-2020-001525 // CNNVD: CNNVD-202001-1345

EXTERNAL IDS

db: NVD id: CVE-2020-3147

Trust: 3.0

db: JVNDB id: JVNDB-2020-001525

Trust: 0.8

db: CNVD id: CNVD-2020-04819

Trust: 0.6

db: CNNVD id: CNNVD-202001-1345

Trust: 0.6

sources: CNVD: CNVD-2020-04819 // JVNDB: JVNDB-2020-001525 // CNNVD: CNNVD-202001-1345 // NVD: CVE-2020-3147

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2020-3147

Trust: 2.0

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-smlbus-switch-dos-r6vqus2u

Trust: 1.6

sources: CNVD: CNVD-2020-04819 // JVNDB: JVNDB-2020-001525 // CNNVD: CNNVD-202001-1345 // NVD: CVE-2020-3147

SOURCES

db: CNVD id: CNVD-2020-04819
db: JVNDB id: JVNDB-2020-001525
db: CNNVD id: CNNVD-202001-1345
db: NVD id: CVE-2020-3147

LAST UPDATE DATE

2024-11-23T23:11:35.220000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2020-04819 date: 2020-02-17T00:00:00
db: JVNDB id: JVNDB-2020-001525 date: 2020-02-13T00:00:00
db: CNNVD id: CNNVD-202001-1345 date: 2021-01-05T00:00:00
db: NVD id: CVE-2020-3147 date: 2024-11-21T05:30:25.373

SOURCES RELEASE DATE

db: CNVD id: CNVD-2020-04819 date: 2020-02-12T00:00:00
db: JVNDB id: JVNDB-2020-001525 date: 2020-02-13T00:00:00
db: CNNVD id: CNNVD-202001-1345 date: 2020-01-30T00:00:00
db: NVD id: CVE-2020-3147 date: 2020-01-30T19:15:11.790