ID

VAR-202004-1235


CVE

CVE-2020-3162


TITLE

Cisco IoT Field Network Director Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004773

DESCRIPTION

A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming CoAP traffic. An attacker could exploit this vulnerability by sending a malformed CoAP packet to an affected device. A successful exploit could allow the attacker to force the CoAP server to stop, interrupting communication to the IoT endpoints. The system provides equipment management, asset tracking and intelligent measurement functions.

Trust: 2.79

sources: NVD: CVE-2020-3162 // JVNDB: JVNDB-2020-004773 // CNVD: CNVD-2020-34943 // CNNVD: CNNVD-202004-1101 // VULHUB: VHN-181287

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-34943

AFFECTED PRODUCTS

vendor: cisco, model: iot field network director, scope: -, version: -

Trust: 1.4

vendor: cisco, model: iot field network director, scope: lt, version: 4.6.0

Trust: 1.0

sources: CNVD: CNVD-2020-34943 // JVNDB: JVNDB-2020-004773 // NVD: CVE-2020-3162

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3162
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3162
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004773
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-34943
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1101
value: HIGH

Trust: 0.6

VULHUB: VHN-181287
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3162
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004773
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-34943
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-181287
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3162
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3162
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-004773
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-34943 // VULHUB: VHN-181287 // JVNDB: JVNDB-2020-004773 // CNNVD: CNNVD-202004-1101 // NVD: CVE-2020-3162 // NVD: CVE-2020-3162

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-181287 // JVNDB: JVNDB-2020-004773 // NVD: CVE-2020-3162

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1101

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1101

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004773

PATCH

title: cisco-sa-iot-coap-dos-WTBu6YTq, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-coap-dos-WTBu6YTq

Trust: 0.8

title: Patch for Cisco IoT Field Network Director Denial of Service Vulnerability (CNVD-2020-34943), url: https://www.cnvd.org.cn/patchInfo/show/223213

Trust: 0.6

title: Cisco IoT Field Network Director Constrained Application Protocol Enter the fix for the verification error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116008

Trust: 0.6

sources: CNVD: CNVD-2020-34943 // JVNDB: JVNDB-2020-004773 // CNNVD: CNNVD-202004-1101

EXTERNAL IDS

db: NVD, id: CVE-2020-3162

Trust: 3.1

db: JVNDB, id: JVNDB-2020-004773

Trust: 0.8

db: CNVD, id: CNVD-2020-34943

Trust: 0.7

db: CNNVD, id: CNNVD-202004-1101

Trust: 0.7

db: NSFOCUS, id: 47255

Trust: 0.6

db: AUSCERT, id: ESB-2020.1322

Trust: 0.6

db: VULHUB, id: VHN-181287

Trust: 0.1

sources: CNVD: CNVD-2020-34943 // VULHUB: VHN-181287 // JVNDB: JVNDB-2020-004773 // CNNVD: CNNVD-202004-1101 // NVD: CVE-2020-3162

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iot-coap-dos-wtbu6ytq

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-3162

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3162

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1322/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/47255

Trust: 0.6

sources: CNVD: CNVD-2020-34943 // VULHUB: VHN-181287 // JVNDB: JVNDB-2020-004773 // CNNVD: CNNVD-202004-1101 // NVD: CVE-2020-3162

SOURCES

db: CNVD, id: CNVD-2020-34943
db: VULHUB, id: VHN-181287
db: JVNDB, id: JVNDB-2020-004773
db: CNNVD, id: CNNVD-202004-1101
db: NVD, id: CVE-2020-3162

LAST UPDATE DATE

2024-11-23T23:11:27.205000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-34943, date: 2020-06-28T00:00:00
db: VULHUB, id: VHN-181287, date: 2021-08-12T00:00:00
db: JVNDB, id: JVNDB-2020-004773, date: 2020-05-27T00:00:00
db: CNNVD, id: CNNVD-202004-1101, date: 2021-08-17T00:00:00
db: NVD, id: CVE-2020-3162, date: 2024-11-21T05:30:27.343

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-34943, date: 2020-06-26T00:00:00
db: VULHUB, id: VHN-181287, date: 2020-04-15T00:00:00
db: JVNDB, id: JVNDB-2020-004773, date: 2020-05-27T00:00:00
db: CNNVD, id: CNNVD-202004-1101, date: 2020-04-15T00:00:00
db: NVD, id: CVE-2020-3162, date: 2020-04-15T21:15:35.200