ID

VAR-202009-1147


CVE

CVE-2020-3516


TITLE

Input validation vulnerability in Cisco IOS XE Software

Trust: 0.8

sources: JVNDB: JVNDB-2020-011922

DESCRIPTION

A vulnerability in the web server authentication of Cisco IOS XE Software could allow an authenticated, remote attacker to crash the web server on the device. The vulnerability is due to insufficient input validation during authentication. An attacker could exploit this vulnerability by entering unexpected characters during a valid authentication. A successful exploit could allow the attacker to crash the web server on the device, which must be manually recovered by disabling and re-enabling the web server. Cisco IOS XE Software contains an input validation vulnerability. It may be put into a denial-of-service (DoS) state. Both Cisco IOS and IOS XE are operating systems developed by Cisco for its network equipment.

Trust: 1.71

sources: NVD: CVE-2020-3516 // JVNDB: JVNDB-2020-011922 // VULHUB: VHN-181641

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: lt, version: 16.9.6

Trust: 1.0

vendor: cisco, model: ios xe, scope: gte, version: 17.1.0

Trust: 1.0

vendor: cisco, model: ios xe, scope: lt, version: 17.1.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: lt, version: 16.12.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: gte, version: 16.12.0

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.2.1

Trust: 1.0

vendor: シスコシステムズ, model: cisco ios xe, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-011922 // NVD: CVE-2020-3516

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-3516
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3516
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3516
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202009-1388
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181641
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-3516
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-181641
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

ykramarz@cisco.com: CVE-2020-3516
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-3516
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-181641 // JVNDB: JVNDB-2020-011922 // CNNVD: CNNVD-202009-1388 // NVD: CVE-2020-3516 // NVD: CVE-2020-3516

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.1

problemtype: Improper Input Validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-181641 // JVNDB: JVNDB-2020-011922 // NVD: CVE-2020-3516

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1388

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1388

PATCH

title: cisco-sa-WEB-UI-exNFmcPO, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-WEB-UI-exNFmcPO

Trust: 0.8

title: Fix for the Cisco IOS and IOS XE input validation error vulnerability, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=129051

Trust: 0.6

sources: JVNDB: JVNDB-2020-011922 // CNNVD: CNNVD-202009-1388

EXTERNAL IDS

db: NVD, id: CVE-2020-3516

Trust: 3.3

db: JVN, id: JVNVU94803886

Trust: 0.8

db: ICS CERT, id: ICSA-22-300-03

Trust: 0.8

db: JVNDB, id: JVNDB-2020-011922

Trust: 0.8

db: AUSCERT, id: ESB-2020.3274

Trust: 0.6

db: AUSCERT, id: ESB-2022.5426

Trust: 0.6

db: NSFOCUS, id: 49358

Trust: 0.6

db: CNNVD, id: CNNVD-202009-1388

Trust: 0.6

db: VULHUB, id: VHN-181641

Trust: 0.1

sources: VULHUB: VHN-181641 // JVNDB: JVNDB-2020-011922 // CNNVD: CNNVD-202009-1388 // NVD: CVE-2020-3516

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-web-ui-exnfmcpo

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-3516

Trust: 1.4

url:https://jvn.jp/vu/jvnvu94803886/index.html

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-300-03

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-33416

Trust: 0.6

url:http://www.nsfocus.net/vulndb/49358

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3274/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5426

Trust: 0.6

sources: VULHUB: VHN-181641 // JVNDB: JVNDB-2020-011922 // CNNVD: CNNVD-202009-1388 // NVD: CVE-2020-3516

SOURCES

db: VULHUB, id: VHN-181641
db: JVNDB, id: JVNDB-2020-011922
db: CNNVD, id: CNNVD-202009-1388
db: NVD, id: CVE-2020-3516

LAST UPDATE DATE

2024-08-14T13:24:28.063000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181641, date: 2020-10-08T00:00:00
db: JVNDB, id: JVNDB-2020-011922, date: 2022-10-31T02:59:00
db: CNNVD, id: CNNVD-202009-1388, date: 2022-10-28T00:00:00
db: NVD, id: CVE-2020-3516, date: 2020-10-08T13:36:56.253

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181641, date: 2020-09-24T00:00:00
db: JVNDB, id: JVNDB-2020-011922, date: 2021-04-20T00:00:00
db: CNNVD, id: CNNVD-202009-1388, date: 2020-09-24T00:00:00
db: NVD, id: CVE-2020-3516, date: 2020-09-24T18:15:21.527