ID

VAR-202006-1074


CVE

CVE-2020-3206


TITLE

Input validation vulnerability in Cisco IOS XE Software

Trust: 0.8

sources: JVNDB: JVNDB-2020-006203

DESCRIPTION

A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerability exists because the affected software does not properly validate 802.11w disassociation and deauthentication PMFs that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PMF from a valid, authenticated client on a network adjacent to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device. Cisco IOS XE Software contains an input validation vulnerability. The affected device may be put into a service interruption (DoS) state. Cisco IOS XE is an operating system developed by Cisco for its network equipment.

Trust: 1.8

sources: NVD: CVE-2020-3206 // JVNDB: JVNDB-2020-006203 // VULHUB: VHN-181331 // VULMON: CVE-2020-3206

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 16.10.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.10.1e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.10.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006203 // NVD: CVE-2020-3206

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3206
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3206
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006203
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-324
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181331
value: LOW

Trust: 0.1

VULMON: CVE-2020-3206
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3206
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006203
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181331
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3206
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3206
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006203
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181331 // VULMON: CVE-2020-3206 // JVNDB: JVNDB-2020-006203 // CNNVD: CNNVD-202006-324 // NVD: CVE-2020-3206 // NVD: CVE-2020-3206

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-181331 // JVNDB: JVNDB-2020-006203 // NVD: CVE-2020-3206

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202006-324

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-324

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006203

PATCH

title: cisco-sa-ewlc-dos-AnvKvMxR, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-dos-AnvKvMxR

Trust: 0.8

title: Fix for the Cisco Catalyst 9800 Series Wireless Controllers IOS XE input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=120229

Trust: 0.6

title: Cisco: Cisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ewlc-dos-AnvKvMxR

Trust: 0.1

title: CVE-2020-3206, url: https://github.com/AlAIAL90/CVE-2020-3206

Trust: 0.1

sources: VULMON: CVE-2020-3206 // JVNDB: JVNDB-2020-006203 // CNNVD: CNNVD-202006-324

EXTERNAL IDS

db: NVD, id: CVE-2020-3206

Trust: 2.6

db: JVNDB, id: JVNDB-2020-006203

Trust: 0.8

db: CNNVD, id: CNNVD-202006-324

Trust: 0.7

db: AUSCERT, id: ESB-2020.1933

Trust: 0.6

db: VULHUB, id: VHN-181331

Trust: 0.1

db: VULMON, id: CVE-2020-3206

Trust: 0.1

sources: VULHUB: VHN-181331 // VULMON: CVE-2020-3206 // JVNDB: JVNDB-2020-006203 // CNNVD: CNNVD-202006-324 // NVD: CVE-2020-3206

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ewlc-dos-anvkvmxr

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2020-3206

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3206

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1933/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xe-denial-of-service-via-catalyst-9800-series-wireless-controllers-32413

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://github.com/alaial90/cve-2020-3206

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-181331 // VULMON: CVE-2020-3206 // JVNDB: JVNDB-2020-006203 // CNNVD: CNNVD-202006-324 // NVD: CVE-2020-3206

SOURCES

db: VULHUB, id: VHN-181331
db: VULMON, id: CVE-2020-3206
db: JVNDB, id: JVNDB-2020-006203
db: CNNVD, id: CNNVD-202006-324
db: NVD, id: CVE-2020-3206

LAST UPDATE DATE

2024-08-14T14:38:23.349000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181331, date: 2021-09-17T00:00:00
db: VULMON, id: CVE-2020-3206, date: 2021-09-17T00:00:00
db: JVNDB, id: JVNDB-2020-006203, date: 2020-07-03T00:00:00
db: CNNVD, id: CNNVD-202006-324, date: 2020-06-11T00:00:00
db: NVD, id: CVE-2020-3206, date: 2021-09-17T18:36:19.577

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181331, date: 2020-06-03T00:00:00
db: VULMON, id: CVE-2020-3206, date: 2020-06-03T00:00:00
db: JVNDB, id: JVNDB-2020-006203, date: 2020-07-03T00:00:00
db: CNNVD, id: CNNVD-202006-324, date: 2020-06-03T00:00:00
db: NVD, id: CVE-2020-3206, date: 2020-06-03T18:15:18.667