Lucene search

CiscoCVE-2020-3257

HistoryJun 03, 2020 - 6:15 p.m.

CVE-2020-3257

2020-06-0318:15:21

CWE-119

CWE-20

cisco

web.nvd.nist.gov

cisco

iox

vulnerability

cisco 809

cisco 829

industrial isr

cisco 1000 series

cgr1000

dos

arbitrary code execution

elevated privileges

nvd

cve-2020-3257

CVSS2

4.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:P/A:P

CVSS3

8.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

30.7%

JSON

Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Affected configurations

Nvd

Node

ciscoiosMatch15.8\(3.0z\)m1

ciscoiosMatch15.9

AND

cisco1120_connected_grid_routerMatch-

cisco1240_connected_grid_routerMatch-

ciscoir809g-lte-ga-k9Match-

ciscoir809g-lte-la-k9Match-

ciscoir809g-lte-na-k9Match-

ciscoir809g-lte-vz-k9Match-

ciscoir829-2lte-ea-ak9Match-

ciscoir829-2lte-ea-bk9Match-

ciscoir829-2lte-ea-ek9Match-

ciscoir829gw-lte-ga-ck9Match-

ciscoir829gw-lte-ga-ek9Match-

ciscoir829gw-lte-ga-sk9Match-

ciscoir829gw-lte-ga-zk9Match-

ciscoir829gw-lte-na-ak9Match-

ciscoir829gw-lte-vz-ak9Match-

VendorProductVersionCPE
ciscoios15.8(3.0z)m1cpe:2.3:o:cisco:ios:15.8\(3.0z\)m1:*:*:*:*:*:*:*
ciscoios15.9cpe:2.3:o:cisco:ios:15.9:*:*:*:*:*:*:*
cisco1120_connected_grid_router-cpe:2.3:h:cisco:1120_connected_grid_router:-:*:*:*:*:*:*:*
cisco1240_connected_grid_router-cpe:2.3:h:cisco:1240_connected_grid_router:-:*:*:*:*:*:*:*
ciscoir809g-lte-ga-k9-cpe:2.3:h:cisco:ir809g-lte-ga-k9:-:*:*:*:*:*:*:*
ciscoir809g-lte-la-k9-cpe:2.3:h:cisco:ir809g-lte-la-k9:-:*:*:*:*:*:*:*
ciscoir809g-lte-na-k9-cpe:2.3:h:cisco:ir809g-lte-na-k9:-:*:*:*:*:*:*:*
ciscoir809g-lte-vz-k9-cpe:2.3:h:cisco:ir809g-lte-vz-k9:-:*:*:*:*:*:*:*
ciscoir829-2lte-ea-ak9-cpe:2.3:h:cisco:ir829-2lte-ea-ak9:-:*:*:*:*:*:*:*
ciscoir829-2lte-ea-bk9-cpe:2.3:h:cisco:ir829-2lte-ea-bk9:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	15.8(3.0z)m1	cpe:2.3:o:cisco:ios:15.8\(3.0z\)m1:::::::*
cisco	ios	15.9	cpe:2.3:o:cisco:ios:15.9:::::::*
cisco	1120_connected_grid_router	-	cpe:2.3:h:cisco:1120_connected_grid_router:-:::::::*
cisco	1240_connected_grid_router	-	cpe:2.3:h:cisco:1240_connected_grid_router:-:::::::*
cisco	ir809g-lte-ga-k9	-	cpe:2.3:h:cisco:ir809g-lte-ga-k9:-:::::::*
cisco	ir809g-lte-la-k9	-	cpe:2.3:h:cisco:ir809g-lte-la-k9:-:::::::*
cisco	ir809g-lte-na-k9	-	cpe:2.3:h:cisco:ir809g-lte-na-k9:-:::::::*
cisco	ir809g-lte-vz-k9	-	cpe:2.3:h:cisco:ir809g-lte-vz-k9:-:::::::*
cisco	ir829-2lte-ea-ak9	-	cpe:2.3:h:cisco:ir829-2lte-ea-ak9:-:::::::*
cisco	ir829-2lte-ea-bk9	-	cpe:2.3:h:cisco:ir829-2lte-ea-bk9:-:::::::*

Rows per page:

1-10 of 171

CNA Affected

[
  {
    "product": "Cisco IOS 12.2(60)EZ16",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL

CVSS2

4.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:P/A:P

CVSS3

8.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

30.7%

JSON

Related for CVE-2020-3257