Lucene search

CiscoCVE-2020-3353

HistoryJun 03, 2020 - 7:15 p.m.

CVE-2020-3353

2020-06-0319:15:11

CWE-362

cisco

web.nvd.nist.gov

cisco

ise

vulnerability

syslog

processing

engine

remote

dos

denial of service

nvd

cve-2020-3353

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. An attacker could exploit this vulnerability by sending a high rate of syslog messages to an affected device. A successful exploit could allow the attacker to cause the Application Server process to crash, resulting in a DoS condition.

Affected configurations

Nvd

Node

ciscoidentity_services_engineMatch2.2.0.470-

ciscoidentity_services_engineMatch2.2.0.470patch1

ciscoidentity_services_engineMatch2.2.0.470patch10

ciscoidentity_services_engineMatch2.2.0.470patch11

ciscoidentity_services_engineMatch2.2.0.470patch12

ciscoidentity_services_engineMatch2.2.0.470patch2

ciscoidentity_services_engineMatch2.2.0.470patch3

ciscoidentity_services_engineMatch2.2.0.470patch4

ciscoidentity_services_engineMatch2.2.0.470patch5

ciscoidentity_services_engineMatch2.2.0.470patch6

ciscoidentity_services_engineMatch2.2.0.470patch7

ciscoidentity_services_engineMatch2.2.0.470patch8

ciscoidentity_services_engineMatch2.2.0.470patch9

ciscoidentity_services_engineMatch2.3.0.298-

ciscoidentity_services_engineMatch2.3.0.298patch1

ciscoidentity_services_engineMatch2.3.0.298patch2

ciscoidentity_services_engineMatch2.3.0.298patch3

ciscoidentity_services_engineMatch2.3.0.298patch4

ciscoidentity_services_engineMatch2.3.0.298patch5

ciscoidentity_services_engineMatch2.4.0.357-

ciscoidentity_services_engineMatch2.4.0.357patch1

VendorProductVersionCPE
ciscoidentity_services_engine2.2.0.470cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:-:*:*:*:*:*:*
ciscoidentity_services_engine2.2.0.470cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch1:*:*:*:*:*:*
ciscoidentity_services_engine2.2.0.470cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch10:*:*:*:*:*:*
ciscoidentity_services_engine2.2.0.470cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch11:*:*:*:*:*:*
ciscoidentity_services_engine2.2.0.470cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch12:*:*:*:*:*:*
ciscoidentity_services_engine2.2.0.470cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch2:*:*:*:*:*:*
ciscoidentity_services_engine2.2.0.470cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch3:*:*:*:*:*:*
ciscoidentity_services_engine2.2.0.470cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch4:*:*:*:*:*:*
ciscoidentity_services_engine2.2.0.470cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch5:*:*:*:*:*:*
ciscoidentity_services_engine2.2.0.470cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch6:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	identity_services_engine	2.2.0.470	cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:-::::::
cisco	identity_services_engine	2.2.0.470	cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch1::::::
cisco	identity_services_engine	2.2.0.470	cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch10::::::
cisco	identity_services_engine	2.2.0.470	cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch11::::::
cisco	identity_services_engine	2.2.0.470	cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch12::::::
cisco	identity_services_engine	2.2.0.470	cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch2::::::
cisco	identity_services_engine	2.2.0.470	cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch3::::::
cisco	identity_services_engine	2.2.0.470	cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch4::::::
cisco	identity_services_engine	2.2.0.470	cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch5::::::
cisco	identity_services_engine	2.2.0.470	cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch6::::::

Rows per page:

1-10 of 211

CNA Affected

[
  {
    "product": "Cisco Identity Services Engine Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-qNzq39K7

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

Related for CVE-2020-3353