Details of VAR-202009-1125

ID

VAR-202009-1125

CVE

CVE-2020-3409

TITLE

Cisco IOS and IOS XE Resource depletion vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-011826

DESCRIPTION

A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted PROFINET packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted PROFINET packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to crash and reload, resulting in a DoS condition on the device

Trust: 1.71

sources: NVD: CVE-2020-3409 // JVNDB: JVNDB-2020-011826 // VULMON: CVE-2020-3409

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	16.11.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	15.2\(7\)e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1a	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios	scope:	eq	version:	xe	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-011826 // NVD: CVE-2020-3409

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2020-3409
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-202009-1382
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-3409
value:	MEDIUM
Trust: 0.1

VULMON:	CVE-2020-3409
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

NVD:	CVE-2020-3409
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT_NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2020-3409
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-3409 // JVNDB: JVNDB-2020-011826 // CNNVD: CNNVD-202009-1382 // NVD: CVE-2020-3409

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.0
problemtype:	Resource exhaustion (CWE-400) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-011826 // NVD: CVE-2020-3409

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202009-1382

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1382

CONFIGURATIONS

sources: NVD: CVE-2020-3409

PATCH

title:	cisco-sa-profinet-J9QMCHPB	url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-profinet-j9qmchpb	Trust: 0.8
title:	Cisco IOS and IOS XE Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=129045	Trust: 0.6
title:	Cisco: Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-profinet-j9qmchpb	Trust: 0.1

sources: VULMON: CVE-2020-3409 // JVNDB: JVNDB-2020-011826 // CNNVD: CNNVD-202009-1382

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3409	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-011826	Trust: 0.8
db:	NSFOCUS	id:	49464	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3272	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3272.2	Trust: 0.6
db:	CNNVD	id:	CNNVD-202009-1382	Trust: 0.6
db:	VULMON	id:	CVE-2020-3409	Trust: 0.1

sources: VULMON: CVE-2020-3409 // JVNDB: JVNDB-2020-011826 // CNNVD: CNNVD-202009-1382 // NVD: CVE-2020-3409

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-profinet-j9qmchpb	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3409	Trust: 1.4
url:	https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-33416	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3272/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3272.2/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/49464	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2020-3409 // JVNDB: JVNDB-2020-011826 // CNNVD: CNNVD-202009-1382 // NVD: CVE-2020-3409

SOURCES

db:	VULMON	id:	CVE-2020-3409
db:	JVNDB	id:	JVNDB-2020-011826
db:	CNNVD	id:	CNNVD-202009-1382
db:	NVD	id:	CVE-2020-3409

LAST UPDATE DATE

2022-05-04T08:33:56.714000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-3409	date:	2020-10-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-011826	date:	2021-04-15T07:51:00
db:	CNNVD	id:	CNNVD-202009-1382	date:	2020-12-10T00:00:00
db:	NVD	id:	CVE-2020-3409	date:	2020-10-06T15:37:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-3409	date:	2020-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-011826	date:	2021-04-15T00:00:00
db:	CNNVD	id:	CNNVD-202009-1382	date:	2020-09-24T00:00:00
db:	NVD	id:	CVE-2020-3409	date:	2020-09-24T18:15:00