Sign-up

ID

VAR-202006-1110


CVE

CVE-2020-3257


TITLE

Cisco IOS Input verification vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-006333

DESCRIPTION

Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco IOS The software contains an input verification vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. are all products of the United States Cisco (Cisco) company. Cisco 1000 Series Connected Grid Routers is a 1000 series Internet grid router. Cisco IOS Software is a set of software developed for its network equipment running on it. An attacker can use this vulnerability to execute arbitrary code with higher authority

Trust: 2.16

sources: NVD: CVE-2020-3257 // JVNDB: JVNDB-2020-006333 // CNVD: CNVD-2020-31997

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-31997

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.8\(3.0z\)m1

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:15.9

Trust: 1.0

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:industrial integrated services routersscope:eqversion:809

Trust: 0.6

vendor:ciscomodel:industrial integrated services routersscope:eqversion:829

Trust: 0.6

vendor:ciscomodel:series connected grid routersscope:eqversion:1000

Trust: 0.6

sources: CNVD: CNVD-2020-31997 // JVNDB: JVNDB-2020-006333 // NVD: CVE-2020-3257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3257
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3257
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006333
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-31997
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202006-370
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-3257
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006333
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-31997
severity: HIGH
baseScore: 7.8
vectorString: AV:A/AC:L/AU:N/C:N/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-3257
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3257
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006333
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-31997 // JVNDB: JVNDB-2020-006333 // CNNVD: CNNVD-202006-370 // NVD: CVE-2020-3257 // NVD: CVE-2020-3257

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

problemtype:CWE-119

Trust: 1.0

sources: JVNDB: JVNDB-2020-006333 // NVD: CVE-2020-3257

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202006-370

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202006-370

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006333

PATCH
title:cisco-sa-ios-iot-gos-vuln-s9qS8kYLurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL
Trust: 0.8
title:Patch for Multiple Cisco product input verification error vulnerabilities (CNVD-2020-31997)url:https://www.cnvd.org.cn/patchInfo/show/220729
Trust: 0.6
title:Multiple Cisco Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=120267
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-31997 // 
            
            
            
            JVNDB: JVNDB-2020-006333 // 
            
            
            
            CNNVD: CNNVD-202006-370

EXTERNAL IDS
db:NVDid:CVE-2020-3257
Trust: 3.0
db:JVNDBid:JVNDB-2020-006333
Trust: 0.8
db:CNVDid:CNVD-2020-31997
Trust: 0.6
db:AUSCERTid:ESB-2020.1950
Trust: 0.6
db:CNNVDid:CNNVD-202006-370
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-31997 // 
            
            
            
            JVNDB: JVNDB-2020-006333 // 
            
            
            
            CNNVD: CNNVD-202006-370 // 
            
            
            
            NVD: CVE-2020-3257

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-3257
Trust: 2.0
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ios-iot-gos-vuln-s9qs8kyl
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3257
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1950/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-31997 // 
            
            
            
            JVNDB: JVNDB-2020-006333 // 
            
            
            
            CNNVD: CNNVD-202006-370 // 
            
            
            
            NVD: CVE-2020-3257

SOURCES
db:CNVDid:CNVD-2020-31997
db:JVNDBid:JVNDB-2020-006333
db:CNNVDid:CNNVD-202006-370
db:NVDid:CVE-2020-3257

LAST UPDATE DATE
2024-11-23T21:51:27.380000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-31997date:2020-06-09T00:00:00
db:JVNDBid:JVNDB-2020-006333date:2020-07-07T00:00:00
db:CNNVDid:CNNVD-202006-370date:2022-03-18T00:00:00
db:NVDid:CVE-2020-3257date:2024-11-21T05:30:40.277

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-31997date:2020-06-09T00:00:00
db:JVNDBid:JVNDB-2020-006333date:2020-07-07T00:00:00
db:CNNVDid:CNNVD-202006-370date:2020-06-03T00:00:00
db:NVDid:CVE-2020-3257date:2020-06-03T18:15:21.840