ID

VAR-202009-1163


CVE

CVE-2020-3479


TITLE

Cisco IOS and IOS XE Resource depletion vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-011828

DESCRIPTION

A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of Border Gateway Protocol (BGP) update messages that contain crafted EVPN attributes. An attacker could exploit this vulnerability by sending BGP update messages with specific, malformed attributes to an affected device. A successful exploit could allow the attacker to cause an affected device to crash, resulting in a DoS condition.

Trust: 1.62

sources: NVD: CVE-2020-3479 // JVNDB: JVNDB-2020-011828

AFFECTED PRODUCTS

vendor: cisco, model: ios, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: -

Trust: 1.0

vendor: Cisco Systems, model: cisco ios, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco ios, scope: eq, version: xe

Trust: 0.8

vendor: Cisco Systems, model: cisco ios xe, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-011828 // NVD: CVE-2020-3479

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-3479
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202009-1394
value: HIGH

Trust: 0.6

NVD: CVE-2020-3479
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2020-3479
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-3479
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-011828 // CNNVD: CNNVD-202009-1394 // NVD: CVE-2020-3479

PROBLEMTYPE DATA

problemtype: CWE-400

Trust: 1.0

problemtype: Resource exhaustion (CWE-400) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-011828 // NVD: CVE-2020-3479

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-1394

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202009-1394

CONFIGURATIONS

sources: NVD: CVE-2020-3479

PATCH

title: cisco-sa-ios-bgp-evpn-dos-LNfYJxfF, url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ios-bgp-evpn-dos-lnfyjxff

Trust: 0.8

title: Cisco IOS and IOS XE Enter the fix for the verification error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=129754

Trust: 0.6

sources: JVNDB: JVNDB-2020-011828 // CNNVD: CNNVD-202009-1394

EXTERNAL IDS

db: NVD, id: CVE-2020-3479

Trust: 2.4

db: JVNDB, id: JVNDB-2020-011828

Trust: 0.8

db: NSFOCUS, id: 49355

Trust: 0.6

db: AUSCERT, id: ESB-2020.3277

Trust: 0.6

db: CNNVD, id: CNNVD-202009-1394

Trust: 0.6

sources: JVNDB: JVNDB-2020-011828 // CNNVD: CNNVD-202009-1394 // NVD: CVE-2020-3479

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ios-bgp-evpn-dos-lnfyjxff

Trust: 2.2

url: https://nvd.nist.gov/vuln/detail/cve-2020-3479

Trust: 1.4

url: https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-33416

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.3277/

Trust: 0.6

url: http://www.nsfocus.net/vulndb/49355

Trust: 0.6

sources: JVNDB: JVNDB-2020-011828 // CNNVD: CNNVD-202009-1394 // NVD: CVE-2020-3479

SOURCES

db: JVNDB, id: JVNDB-2020-011828
db: CNNVD, id: CNNVD-202009-1394
db: NVD, id: CVE-2020-3479

LAST UPDATE DATE

2022-05-04T09:02:29.565000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-011828, date: 2021-04-15T07:51:00
db: CNNVD, id: CNNVD-202009-1394, date: 2020-10-10T00:00:00
db: NVD, id: CVE-2020-3479, date: 2021-10-07T20:11:00

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-011828, date: 2021-04-15T00:00:00
db: CNNVD, id: CNNVD-202009-1394, date: 2020-09-24T00:00:00
db: NVD, id: CVE-2020-3479, date: 2020-09-24T18:15:00