Details of VAR-202006-1099

ID

VAR-202006-1099

CVE

CVE-2020-3232

TITLE

Cisco ASR 920 Series Aggregation Service Router Models ASR920-12SZ-IM Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006127

DESCRIPTION

A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of data that is returned for Cisco Discovery Protocol queries to SNMP. An attacker could exploit this vulnerability by sending a request for Cisco Discovery Protocol information by using SNMP. An exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition

Trust: 2.16

sources: NVD: CVE-2020-3232 // JVNDB: JVNDB-2020-006127 // CNVD: CNVD-2020-32905

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-32905

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.10	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.1as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.2sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.2as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1hsp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.9s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.4bs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.5as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1d	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1d	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.0sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1gsp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.3sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.8s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.6bs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.5s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.10s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.3as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.6s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.4sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.7s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.7bs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1isp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr series aggregation services router asr920-12sz-im	scope:	eq	version:	920	Trust: 0.6

sources: CNVD: CNVD-2020-32905 // JVNDB: JVNDB-2020-006127 // NVD: CVE-2020-3232

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3232
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3232
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-006127
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-32905
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202006-308
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-3232
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006127
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-32905
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-3232
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	4.0
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3232
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-006127
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-32905 // JVNDB: JVNDB-2020-006127 // CNNVD: CNNVD-202006-308 // NVD: CVE-2020-3232 // NVD: CVE-2020-3232

PROBLEMTYPE DATA

problemtype:	CWE-19	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2020-006127 // NVD: CVE-2020-3232

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-308

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202006-308

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006127

PATCH

title:	cisco-sa-asr920-ABjcLmef	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr920-ABjcLmef	Trust: 0.8
title:	Patch for Cisco ASR 920 Series Aggregation Services Router ASR920-12SZ-IM code issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/221563	Trust: 0.6
title:	Cisco ASR 920 Series Aggregation Services Router ASR920-12SZ-IM Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121139	Trust: 0.6

sources: CNVD: CNVD-2020-32905 // JVNDB: JVNDB-2020-006127 // CNNVD: CNNVD-202006-308

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3232	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-006127	Trust: 0.8
db:	CNVD	id:	CNVD-2020-32905	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1942	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-308	Trust: 0.6

sources: CNVD: CNVD-2020-32905 // JVNDB: JVNDB-2020-006127 // CNNVD: CNNVD-202006-308 // NVD: CVE-2020-3232

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-3232	Trust: 2.0
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asr920-abjclmef	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3232	Trust: 0.8
url:	https://vigilance.fr/vulnerability/cisco-asr-920-denial-of-service-via-snmp-32409	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1942/	Trust: 0.6

sources: CNVD: CNVD-2020-32905 // JVNDB: JVNDB-2020-006127 // CNNVD: CNNVD-202006-308 // NVD: CVE-2020-3232

SOURCES

db:	CNVD	id:	CNVD-2020-32905
db:	JVNDB	id:	JVNDB-2020-006127
db:	CNNVD	id:	CNNVD-202006-308
db:	NVD	id:	CVE-2020-3232

LAST UPDATE DATE

2024-11-23T23:01:21.707000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-32905	date:	2020-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-006127	date:	2020-07-01T00:00:00
db:	CNNVD	id:	CNNVD-202006-308	date:	2020-06-11T00:00:00
db:	NVD	id:	CVE-2020-3232	date:	2024-11-21T05:30:37.187

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-32905	date:	2020-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-006127	date:	2020-07-01T00:00:00
db:	CNNVD	id:	CNNVD-202006-308	date:	2020-06-03T00:00:00
db:	NVD	id:	CVE-2020-3232	date:	2020-06-03T18:15:21.183