ID

VAR-202009-1150


CVE

CVE-2020-3527


TITLE

Cisco Catalyst 9200 Series switch Polaris Resource exhaustion vulnerability in kernel

Trust: 0.8

sources: JVNDB: JVNDB-2020-011883

DESCRIPTION

A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames or frames larger than the configured MTU size to the management interface of this device. A successful exploit could allow the attacker to crash the device fully before an automatic recovery

Trust: 2.16

sources: NVD: CVE-2020-3527 // JVNDB: JVNDB-2020-011883 // CNVD: CNVD-2021-43455

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-43455

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: lt, version: 16.12.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: gte, version: 16.9.0

Trust: 1.0

vendor: cisco, model: ios xe, scope: gte, version: 16.12.0

Trust: 1.0

vendor: cisco, model: ios xe, scope: lt, version: 16.9.5

Trust: 1.0

vendor: Cisco Systems, model: cisco ios xe, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco ios xe, scope: eq, version: -

Trust: 0.8

vendor: cisco, model: catalyst series switches, scope: eq, version: 9200

Trust: 0.6

sources: CNVD: CNVD-2021-43455 // JVNDB: JVNDB-2020-011883 // NVD: CVE-2020-3527

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3527
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3527
value: HIGH

Trust: 1.0

NVD: CVE-2020-3527
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-43455
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202009-1407
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-3527
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-43455
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ykramarz@cisco.com: CVE-2020-3527
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-3527
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-43455 // JVNDB: JVNDB-2020-011883 // CNNVD: CNNVD-202009-1407 // NVD: CVE-2020-3527 // NVD: CVE-2020-3527

PROBLEMTYPE DATA

problemtype: CWE-400

Trust: 1.0

problemtype: CWE-20

Trust: 1.0

problemtype: Resource exhaustion (CWE-400) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011883 // NVD: CVE-2020-3527

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1407

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1407

PATCH

title: cisco-sa-JP-DOS-g5FfGm8y, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-JP-DOS-g5FfGm8y

Trust: 0.8

title: Patch for Cisco Catalyst 9200 Series Switch Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/274006

Trust: 0.6

title: Cisco Catalyst 9200 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129070

Trust: 0.6

sources: CNVD: CNVD-2021-43455 // JVNDB: JVNDB-2020-011883 // CNNVD: CNNVD-202009-1407

EXTERNAL IDS

db: NVD, id: CVE-2020-3527

Trust: 3.0

db: JVNDB, id: JVNDB-2020-011883

Trust: 0.8

db: CNVD, id: CNVD-2021-43455

Trust: 0.6

db: AUSCERT, id: ESB-2020.3288

Trust: 0.6

db: NSFOCUS, id: 49361

Trust: 0.6

db: CNNVD, id: CNNVD-202009-1407

Trust: 0.6

sources: CNVD: CNVD-2021-43455 // JVNDB: JVNDB-2020-011883 // CNNVD: CNNVD-202009-1407 // NVD: CVE-2020-3527

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-jp-dos-g5ffgm8y

Trust: 2.8

url: https://nvd.nist.gov/vuln/detail/cve-2020-3527

Trust: 1.4

url: https://www.auscert.org.au/bulletins/esb-2020.3288/

Trust: 0.6

url: http://www.nsfocus.net/vulndb/49361

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-catalyst-9200-denial-of-service-via-polaris-kernel-jumbo-frame-33423

Trust: 0.6

sources: CNVD: CNVD-2021-43455 // JVNDB: JVNDB-2020-011883 // CNNVD: CNNVD-202009-1407 // NVD: CVE-2020-3527

SOURCES

db: CNVD, id: CNVD-2021-43455
db: JVNDB, id: JVNDB-2020-011883
db: CNNVD, id: CNNVD-202009-1407
db: NVD, id: CVE-2020-3527

LAST UPDATE DATE

2024-08-14T15:28:02.777000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-43455, date: 2021-06-20T00:00:00
db: JVNDB, id: JVNDB-2020-011883, date: 2021-04-19T08:00:00
db: CNNVD, id: CNNVD-202009-1407, date: 2020-10-22T00:00:00
db: NVD, id: CVE-2020-3527, date: 2020-10-07T00:50:49.027

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-43455, date: 2021-06-20T00:00:00
db: JVNDB, id: JVNDB-2020-011883, date: 2021-04-19T00:00:00
db: CNNVD, id: CNNVD-202009-1407, date: 2020-09-24T00:00:00
db: NVD, id: CVE-2020-3527, date: 2020-09-24T18:15:21.807