Details of VAR-202006-1815

ID

VAR-202006-1815

CVE

CVE-2020-3199

TITLE

Cisco IOS Input verification vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-006139

DESCRIPTION

Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco IOS The software contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-3199 // JVNDB: JVNDB-2020-006139

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(1\)t1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m1b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m11	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m10	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m5	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(2\)sg11a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(2\)t1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(1\)t	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(2\)t1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(2\)t2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m0a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m3b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(1\)t4	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(2\)cg	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m6	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m8	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(1\)t	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m0a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(2\)t3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(2\)t3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)cg	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m2a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m0a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m4	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m4b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m3a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(2\)t	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(1\)t2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m2a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m6	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m9	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(1\)t2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(2\)t2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m6	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m9	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m4a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m6a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m6b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(2\)t	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m7	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m6	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m6a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m4	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m5	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(1\)t3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(1\)t0a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m9	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m6a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m8	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m4	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m0a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(1\)t3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m5	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m7	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m8	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m10	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m3a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m4	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m4	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)jpj	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m5	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m4a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.3\(3\)jaa1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m7	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	12.2\(60\)ez16	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)m5	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(2\)t4	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m7	Trust: 1.0
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-006139 // NVD: CVE-2020-3199

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2020-3199
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006139
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202006-343
value:	HIGH
Trust: 0.6

NVD:	CVE-2020-3199
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006139
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

NVD:	CVE-2020-3199
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT_NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006139
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-006139 // CNNVD: CNNVD-202006-343 // NVD: CVE-2020-3199

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2020-006139 // NVD: CVE-2020-3199

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202006-343

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-343

CONFIGURATIONS

sources: NVD: CVE-2020-3199

PATCH

title:	cisco-sa-ios-iot-gos-vuln-s9qS8kYL	url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ios-iot-gos-vuln-s9qs8kyl	Trust: 0.8
title:	Cisco 809 Industrial ISRs , Cisco 829 Industrial ISRs and CGR1000 IOx Fixing measures for input environment input verification error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=120242	Trust: 0.6

sources: JVNDB: JVNDB-2020-006139 // CNNVD: CNNVD-202006-343

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3199	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-006139	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.1950	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-343	Trust: 0.6

sources: JVNDB: JVNDB-2020-006139 // CNNVD: CNNVD-202006-343 // NVD: CVE-2020-3199

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ios-iot-gos-vuln-s9qs8kyl	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3199	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3199	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.1950/	Trust: 0.6

sources: JVNDB: JVNDB-2020-006139 // CNNVD: CNNVD-202006-343 // NVD: CVE-2020-3199

SOURCES

db:	JVNDB	id:	JVNDB-2020-006139
db:	CNNVD	id:	CNNVD-202006-343
db:	NVD	id:	CVE-2020-3199

LAST UPDATE DATE

2022-05-04T09:38:08.763000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-006139	date:	2020-07-01T00:00:00
db:	CNNVD	id:	CNNVD-202006-343	date:	2021-10-27T00:00:00
db:	NVD	id:	CVE-2020-3199	date:	2021-10-26T16:32:00

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-006139	date:	2020-07-01T00:00:00
db:	CNNVD	id:	CNNVD-202006-343	date:	2020-06-03T00:00:00
db:	NVD	id:	CVE-2020-3199	date:	2020-06-03T18:15:00