ID

VAR-202006-1108


CVE

CVE-2020-3244


TITLE

Cisco ASR 5000 input validation error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-47603 // CNNVD: CNNVD-202006-1143

DESCRIPTION

A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption. Cisco ASR 5000 is a 5000 series gateway product from Cisco, a US company.

Trust: 2.25

sources: NVD: CVE-2020-3244 // JVNDB: JVNDB-2020-006873 // CNVD: CNVD-2020-47603 // VULMON: CVE-2020-3244

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-47603

AFFECTED PRODUCTS

vendor: cisco, model: staros, scope: lt, version: 21.18.0

Trust: 1.0

vendor: cisco, model: staros, scope: -, version: -

Trust: 0.8

vendor: cisco, model: asr series aggregation services routers, scope: eq, version: 5000

Trust: 0.6

sources: CNVD: CNVD-2020-47603 // JVNDB: JVNDB-2020-006873 // NVD: CVE-2020-3244

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3244
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3244
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006873
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-47603
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-1143
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-3244
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3244
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006873
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-47603
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-3244
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3244
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006873
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-47603 // VULMON: CVE-2020-3244 // JVNDB: JVNDB-2020-006873 // CNNVD: CNNVD-202006-1143 // NVD: CVE-2020-3244 // NVD: CVE-2020-3244

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-006873 // NVD: CVE-2020-3244

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1143

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-1143

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006873

PATCH

title: cisco-sa-asr5k-ecs-bypass-2LqfPCL
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ecs-bypass-2LqfPCL

Trust: 0.8

title: Patch for Cisco ASR 5000 input validation error vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/231508

Trust: 0.6

title: Fix for the Cisco ASR 5000 input validation error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121836

Trust: 0.6

title: Cisco: Cisco ASR 5000 Series Aggregation Services Routers Enhanced Charging Service Rule Bypass Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asr5k-ecs-bypass-2LqfPCL

Trust: 0.1

title: CVE-2020-3244
url: https://github.com/AlAIAL90/CVE-2020-3244

Trust: 0.1

sources: CNVD: CNVD-2020-47603 // VULMON: CVE-2020-3244 // JVNDB: JVNDB-2020-006873 // CNNVD: CNNVD-202006-1143

EXTERNAL IDS

db: NVD, id: CVE-2020-3244

Trust: 3.1

db: JVNDB, id: JVNDB-2020-006873

Trust: 0.8

db: CNVD, id: CNVD-2020-47603

Trust: 0.6

db: AUSCERT, id: ESB-2020.2117

Trust: 0.6

db: CNNVD, id: CNNVD-202006-1143

Trust: 0.6

db: VULMON, id: CVE-2020-3244

Trust: 0.1

sources: CNVD: CNVD-2020-47603 // VULMON: CVE-2020-3244 // JVNDB: JVNDB-2020-006873 // CNNVD: CNNVD-202006-1143 // NVD: CVE-2020-3244

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asr5k-ecs-bypass-2lqfpcl

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2020-3244

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3244

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.2117/

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-asr-5000-privilege-escalation-via-enhanced-charging-service-32552

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url: https://github.com/alaial90/cve-2020-3244

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-47603 // VULMON: CVE-2020-3244 // JVNDB: JVNDB-2020-006873 // CNNVD: CNNVD-202006-1143 // NVD: CVE-2020-3244

SOURCES

db: CNVD, id: CNVD-2020-47603
db: VULMON, id: CVE-2020-3244
db: JVNDB, id: JVNDB-2020-006873
db: CNNVD, id: CNNVD-202006-1143
db: NVD, id: CVE-2020-3244

LAST UPDATE DATE

2024-11-23T23:04:18.978000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-47603, date: 2020-08-24T00:00:00
db: VULMON, id: CVE-2020-3244, date: 2021-09-17T00:00:00
db: JVNDB, id: JVNDB-2020-006873, date: 2020-07-22T00:00:00
db: CNNVD, id: CNNVD-202006-1143, date: 2020-06-30T00:00:00
db: NVD, id: CVE-2020-3244, date: 2024-11-21T05:30:38.713

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-47603, date: 2020-08-24T00:00:00
db: VULMON, id: CVE-2020-3244, date: 2020-06-18T00:00:00
db: JVNDB, id: JVNDB-2020-006873, date: 2020-07-22T00:00:00
db: CNNVD, id: CNNVD-202006-1143, date: 2020-06-17T00:00:00
db: NVD, id: CVE-2020-3244, date: 2020-06-18T03:15:11.370