Sign-up

ID

VAR-202009-1134


CVE

CVE-2020-3426


TITLE

Cisco 800  series  Industrial Integrated Services  Router and  Cisco 1000  series  Connected Grid  For routers  Cisco IOS  Software permission management vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-011877

DESCRIPTION

A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition

Trust: 1.71

sources: NVD: CVE-2020-3426 // JVNDB: JVNDB-2020-011877 // VULMON: CVE-2020-3426

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion: -

Trust: 1.0

vendor:シスコシステムズmodel:cisco iosscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-011877 // NVD: CVE-2020-3426

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-3426
value: CRITICAL

Trust: 1.8

CNNVD: CNNVD-202009-1436
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-3426
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3426
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

NVD: CVE-2020-3426
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2020-3426
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-3426 // JVNDB: JVNDB-2020-011877 // CNNVD: CNNVD-202009-1436 // NVD: CVE-2020-3426

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Improper authority management (CWE-269) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011877 // NVD: CVE-2020-3426

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1436

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1436

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2020-3426

PATCH
title:cisco-sa-ios-lpwa-access-cXsD7PRAurl:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ios-lpwa-access-cxsd7pra
Trust: 0.8
title:Cisco IOS Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=129763
Trust: 0.6
title:Cisco: Cisco IOS Software for Cisco Industrial Routers  Virtual-LPWA  Unauthorized Access Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ios-lpwa-access-cxsd7pra
Trust: 0.1
title:CVE-2020-3426url:https://github.com/alaial90/cve-2020-3426 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-3426 // 
            
            
            
            JVNDB: JVNDB-2020-011877 // 
            
            
            
            CNNVD: CNNVD-202009-1436

EXTERNAL IDS
db:NVDid:CVE-2020-3426
Trust: 2.5
db:JVNDBid:JVNDB-2020-011877
Trust: 0.8
db:AUSCERTid:ESB-2020.3284
Trust: 0.6
db:NSFOCUSid:49408
Trust: 0.6
db:CNNVDid:CNNVD-202009-1436
Trust: 0.6
db:VULMONid:CVE-2020-3426
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-3426 // 
            
            
            
            JVNDB: JVNDB-2020-011877 // 
            
            
            
            CNNVD: CNNVD-202009-1436 // 
            
            
            
            NVD: CVE-2020-3426

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ios-lpwa-access-cxsd7pra
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2020-3426
Trust: 1.4
url:http://www.nsfocus.net/vulndb/49408
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.3284/
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-ios-information-disclosure-via-lpwa-33420
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://github.com/alaial90/cve-2020-3426
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-3426 // 
            
            
            
            JVNDB: JVNDB-2020-011877 // 
            
            
            
            CNNVD: CNNVD-202009-1436 // 
            
            
            
            NVD: CVE-2020-3426

SOURCES
db:VULMONid:CVE-2020-3426
db:JVNDBid:JVNDB-2020-011877
db:CNNVDid:CNNVD-202009-1436
db:NVDid:CVE-2020-3426

LAST UPDATE DATE
2022-05-04T10:07:25.378000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2020-3426date:2021-08-06T00:00:00
db:JVNDBid:JVNDB-2020-011877date:2021-04-19T07:59:00
db:CNNVDid:CNNVD-202009-1436date:2021-08-09T00:00:00
db:NVDid:CVE-2020-3426date:2021-08-06T19:03:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2020-3426date:2020-09-24T00:00:00
db:JVNDBid:JVNDB-2020-011877date:2021-04-19T00:00:00
db:CNNVDid:CNNVD-202009-1436date:2020-09-24T00:00:00
db:NVDid:CVE-2020-3426date:2020-09-24T18:15:00