ID

VAR-202006-1152


CVE

CVE-2020-3364


TITLE

Cisco IOS XR Software fraudulent authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-006920

DESCRIPTION

A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XR Software, which prevents the ACL from working when applied against the standby route processor management interface. An attacker could exploit this vulnerability by attempting to access the device through the standby route processor management interface. Cisco IOS XR Software contains vulnerabilities related to unauthorized authentication. Information may be tampered with.

Trust: 1.71

sources: NVD: CVE-2020-3364 // JVNDB: JVNDB-2020-006920 // VULHUB: VHN-181489

AFFECTED PRODUCTS

vendor: cisco // model: ios xr // scope: eq // version: 6.7.1

Trust: 1.0

vendor: cisco // model: ios xr // scope: eq // version: 7.0.2

Trust: 1.0

vendor: cisco // model: ios xr // scope: eq // version: 7.1.15

Trust: 1.0

vendor: cisco // model: ios xr // scope: eq // version: 7.0.11

Trust: 1.0

vendor: cisco // model: ios xr // scope: eq // version: 7.1.1

Trust: 1.0

vendor: cisco // model: ios xr // scope: eq // version: 7.0.12

Trust: 1.0

vendor: cisco // model: ios xr // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006920 // NVD: CVE-2020-3364

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3364
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3364
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006920
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-1146
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181489
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3364
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006920
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181489
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3364
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3364
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006920
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181489 // JVNDB: JVNDB-2020-006920 // CNNVD: CNNVD-202006-1146 // NVD: CVE-2020-3364 // NVD: CVE-2020-3364

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.9

problemtype:CWE-284

Trust: 1.0

sources: VULHUB: VHN-181489 // JVNDB: JVNDB-2020-006920 // NVD: CVE-2020-3364

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1146

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202006-1146

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006920

PATCH

title: cisco-sa-xracl-zbWSWREt // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xracl-zbWSWREt

Trust: 0.8

title: Cisco IOS XR Fixes for access control error vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121839

Trust: 0.6

sources: JVNDB: JVNDB-2020-006920 // CNNVD: CNNVD-202006-1146

EXTERNAL IDS

db: NVD // id: CVE-2020-3364

Trust: 2.5

db: JVNDB // id: JVNDB-2020-006920

Trust: 0.8

db: CNNVD // id: CNNVD-202006-1146

Trust: 0.7

db: AUSCERT // id: ESB-2020.2125

Trust: 0.6

db: CNVD // id: CNVD-2020-34297

Trust: 0.1

db: VULHUB // id: VHN-181489

Trust: 0.1

sources: VULHUB: VHN-181489 // JVNDB: JVNDB-2020-006920 // CNNVD: CNNVD-202006-1146 // NVD: CVE-2020-3364

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-xracl-zbwswret

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3364

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3364

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-ios-xr-privilege-escalation-via-acl-bypass-32564

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2125/

Trust: 0.6

sources: VULHUB: VHN-181489 // JVNDB: JVNDB-2020-006920 // CNNVD: CNNVD-202006-1146 // NVD: CVE-2020-3364

SOURCES

db: VULHUB // id: VHN-181489
db: JVNDB // id: JVNDB-2020-006920
db: CNNVD // id: CNNVD-202006-1146
db: NVD // id: CVE-2020-3364

LAST UPDATE DATE

2024-08-14T15:33:32.515000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-181489 // date: 2020-06-24T00:00:00
db: JVNDB // id: JVNDB-2020-006920 // date: 2020-07-22T00:00:00
db: CNNVD // id: CNNVD-202006-1146 // date: 2020-06-30T00:00:00
db: NVD // id: CVE-2020-3364 // date: 2020-06-24T16:30:30.033

SOURCES RELEASE DATE

db: VULHUB // id: VHN-181489 // date: 2020-06-18T00:00:00
db: JVNDB // id: JVNDB-2020-006920 // date: 2020-07-22T00:00:00
db: CNNVD // id: CNNVD-202006-1146 // date: 2020-06-17T00:00:00
db: NVD // id: CVE-2020-3364 // date: 2020-06-18T03:15:14.697