Details of VAR-202009-1150

ID

VAR-202009-1150

CVE

CVE-2020-3527

TITLE

Cisco Catalyst 9200 Series switch Polaris Resource exhaustion vulnerability in kernel

Trust: 0.8

sources: JVNDB: JVNDB-2020-011883

DESCRIPTION

A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames or frames larger than the configured MTU size to the management interface of this device. A successful exploit could allow the attacker to crash the device fully before an automatic recovery

Trust: 2.16

sources: NVD: CVE-2020-3527 // JVNDB: JVNDB-2020-011883 // CNVD: CNVD-2021-43455

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-43455

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	lt	version:	16.12.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	gte	version:	16.9.0	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	gte	version:	16.12.0	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	lt	version:	16.9.5	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	eq	version:	-	Trust: 0.8
vendor:	cisco	model:	catalyst series switches	scope:	eq	version:	9200	Trust: 0.6

sources: CNVD: CNVD-2021-43455 // JVNDB: JVNDB-2020-011883 // NVD: CVE-2020-3527

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3527
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3527
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-3527
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-43455
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202009-1407
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-3527
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-43455
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

ykramarz@cisco.com:	CVE-2020-3527
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2020-3527
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-43455 // JVNDB: JVNDB-2020-011883 // CNNVD: CNNVD-202009-1407 // NVD: CVE-2020-3527 // NVD: CVE-2020-3527

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0
problemtype:	Resource exhaustion (CWE-400) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-011883 // NVD: CVE-2020-3527

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1407

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1407

PATCH

title:	cisco-sa-JP-DOS-g5FfGm8y	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-JP-DOS-g5FfGm8y	Trust: 0.8
title:	Patch for Cisco Catalyst 9200 Series Switch Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/274006	Trust: 0.6
title:	Cisco Catalyst 9200 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129070	Trust: 0.6

sources: CNVD: CNVD-2021-43455 // JVNDB: JVNDB-2020-011883 // CNNVD: CNNVD-202009-1407

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3527	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-011883	Trust: 0.8
db:	CNVD	id:	CNVD-2021-43455	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3288	Trust: 0.6
db:	NSFOCUS	id:	49361	Trust: 0.6
db:	CNNVD	id:	CNNVD-202009-1407	Trust: 0.6

sources: CNVD: CNVD-2021-43455 // JVNDB: JVNDB-2020-011883 // CNNVD: CNNVD-202009-1407 // NVD: CVE-2020-3527

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-jp-dos-g5ffgm8y	Trust: 2.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3527	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3288/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/49361	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-catalyst-9200-denial-of-service-via-polaris-kernel-jumbo-frame-33423	Trust: 0.6

sources: CNVD: CNVD-2021-43455 // JVNDB: JVNDB-2020-011883 // CNNVD: CNNVD-202009-1407 // NVD: CVE-2020-3527

SOURCES

db:	CNVD	id:	CNVD-2021-43455
db:	JVNDB	id:	JVNDB-2020-011883
db:	CNNVD	id:	CNNVD-202009-1407
db:	NVD	id:	CVE-2020-3527

LAST UPDATE DATE

2024-08-14T15:28:02.777000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-43455	date:	2021-06-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-011883	date:	2021-04-19T08:00:00
db:	CNNVD	id:	CNNVD-202009-1407	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2020-3527	date:	2020-10-07T00:50:49.027

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-43455	date:	2021-06-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-011883	date:	2021-04-19T00:00:00
db:	CNNVD	id:	CNNVD-202009-1407	date:	2020-09-24T00:00:00
db:	NVD	id:	CVE-2020-3527	date:	2020-09-24T18:15:21.807