ID

VAR-202009-1124


CVE

CVE-2020-3408


TITLE

Cisco IOS and IOS XE Resource depletion vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-011825

DESCRIPTION

A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes the DNS name list configuration. An attacker could exploit this vulnerability by trying to resolve an address or hostname that the affected device handles. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Trust: 1.71

sources: NVD: CVE-2020-3408 // JVNDB: JVNDB-2020-011825 // VULMON: CVE-2020-3408

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 15.8(3)m3

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 15.8(3)m3

Trust: 1.0

vendor: Cisco Systems, model: cisco ios, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco ios, scope: eq, version: xe

Trust: 0.8

vendor: Cisco Systems, model: cisco ios xe, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-011825 // NVD: CVE-2020-3408

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-3408
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202009-1395
value: HIGH

Trust: 0.6

VULMON: CVE-2020-3408
value: HIGH

Trust: 0.1

VULMON: CVE-2020-3408
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

NVD: CVE-2020-3408
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2020-3408
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-3408 // JVNDB: JVNDB-2020-011825 // CNNVD: CNNVD-202009-1395 // NVD: CVE-2020-3408

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.0

problemtype:Resource exhaustion (CWE-400) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011825 // NVD: CVE-2020-3408

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1395

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1395

CONFIGURATIONS

sources: NVD: CVE-2020-3408

PATCH

title: cisco-sa-splitdns-SPWqpdGW
url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-splitdns-spwqpdgw

Trust: 0.8

title: Cisco IOS and Cisco IOS XE Split DNS Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=129058

Trust: 0.6

title: Cisco: Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-splitdns-spwqpdgw

Trust: 0.1

sources: VULMON: CVE-2020-3408 // JVNDB: JVNDB-2020-011825 // CNNVD: CNNVD-202009-1395

EXTERNAL IDS

db: NVD, id: CVE-2020-3408

Trust: 2.5

db: JVNDB, id: JVNDB-2020-011825

Trust: 0.8

db: AUSCERT, id: ESB-2020.3277

Trust: 0.6

db: NSFOCUS, id: 49467

Trust: 0.6

db: CNNVD, id: CNNVD-202009-1395

Trust: 0.6

db: VULMON, id: CVE-2020-3408

Trust: 0.1

sources: VULMON: CVE-2020-3408 // JVNDB: JVNDB-2020-011825 // CNNVD: CNNVD-202009-1395 // NVD: CVE-2020-3408

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-splitdns-spwqpdgw

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-3408

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-33416

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3277/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/49467

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2020-3408 // JVNDB: JVNDB-2020-011825 // CNNVD: CNNVD-202009-1395 // NVD: CVE-2020-3408

SOURCES

db: VULMON, id: CVE-2020-3408
db: JVNDB, id: JVNDB-2020-011825
db: CNNVD, id: CNNVD-202009-1395
db: NVD, id: CVE-2020-3408

LAST UPDATE DATE

2022-05-04T09:02:29.516000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2020-3408, date: 2020-10-06T00:00:00
db: JVNDB, id: JVNDB-2020-011825, date: 2021-04-15T07:51:00
db: CNNVD, id: CNNVD-202009-1395, date: 2020-10-22T00:00:00
db: NVD, id: CVE-2020-3408, date: 2020-10-06T15:39:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2020-3408, date: 2020-09-24T00:00:00
db: JVNDB, id: JVNDB-2020-011825, date: 2021-04-15T00:00:00
db: CNNVD, id: CNNVD-202009-1395, date: 2020-09-24T00:00:00
db: NVD, id: CVE-2020-3408, date: 2020-09-24T18:15:00