ID

VAR-202009-1125


CVE

CVE-2020-3409


TITLE

Resource depletion vulnerability in Cisco IOS and IOS XE software

Trust: 0.8

sources: JVNDB: JVNDB-2020-011826

DESCRIPTION

A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted PROFINET packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted PROFINET packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to crash and reload, resulting in a DoS condition on the device.

Trust: 1.71

sources: NVD: CVE-2020-3409 // JVNDB: JVNDB-2020-011826 // VULMON: CVE-2020-3409

AFFECTED PRODUCTS

vendor: cisco, model: ios, scope: eq, version: 15.2(7)e

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 16.11.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 15.2(7)e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1a

Trust: 1.0

vendor: Cisco Systems, model: cisco ios, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco ios, scope: eq, version: xe

Trust: 0.8

vendor: Cisco Systems, model: cisco ios xe, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-011826 // NVD: CVE-2020-3409

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-3409
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202009-1382
value: HIGH

Trust: 0.6

VULMON: CVE-2020-3409
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3409
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

NVD: CVE-2020-3409
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2020-3409
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-3409 // JVNDB: JVNDB-2020-011826 // CNNVD: CNNVD-202009-1382 // NVD: CVE-2020-3409

PROBLEMTYPE DATA

problemtype: CWE-400

Trust: 1.0

problemtype: Resource exhaustion (CWE-400) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011826 // NVD: CVE-2020-3409

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202009-1382

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1382

CONFIGURATIONS

sources: NVD: CVE-2020-3409

PATCH

title: cisco-sa-profinet-J9QMCHPB, url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-profinet-j9qmchpb

Trust: 0.8

title: Fix for the Cisco IOS and IOS XE input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=129045

Trust: 0.6

title: Cisco: Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-profinet-j9qmchpb

Trust: 0.1

sources: VULMON: CVE-2020-3409 // JVNDB: JVNDB-2020-011826 // CNNVD: CNNVD-202009-1382

EXTERNAL IDS

db: NVD, id: CVE-2020-3409

Trust: 2.5

db: JVNDB, id: JVNDB-2020-011826

Trust: 0.8

db: NSFOCUS, id: 49464

Trust: 0.6

db: AUSCERT, id: ESB-2020.3272

Trust: 0.6

db: AUSCERT, id: ESB-2020.3272.2

Trust: 0.6

db: CNNVD, id: CNNVD-202009-1382

Trust: 0.6

db: VULMON, id: CVE-2020-3409

Trust: 0.1

sources: VULMON: CVE-2020-3409 // JVNDB: JVNDB-2020-011826 // CNNVD: CNNVD-202009-1382 // NVD: CVE-2020-3409

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-profinet-j9qmchpb

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-3409

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-33416

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3272/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3272.2/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/49464

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2020-3409 // JVNDB: JVNDB-2020-011826 // CNNVD: CNNVD-202009-1382 // NVD: CVE-2020-3409

SOURCES

db: VULMON, id: CVE-2020-3409
db: JVNDB, id: JVNDB-2020-011826
db: CNNVD, id: CNNVD-202009-1382
db: NVD, id: CVE-2020-3409

LAST UPDATE DATE

2022-05-04T08:33:56.714000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2020-3409, date: 2020-10-06T00:00:00
db: JVNDB, id: JVNDB-2020-011826, date: 2021-04-15T07:51:00
db: CNNVD, id: CNNVD-202009-1382, date: 2020-12-10T00:00:00
db: NVD, id: CVE-2020-3409, date: 2020-10-06T15:37:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2020-3409, date: 2020-09-24T00:00:00
db: JVNDB, id: JVNDB-2020-011826, date: 2021-04-15T00:00:00
db: CNNVD, id: CNNVD-202009-1382, date: 2020-09-24T00:00:00
db: NVD, id: CVE-2020-3409, date: 2020-09-24T18:15:00