Lucene search

CiscoCVE-2020-3567

HistoryOct 08, 2020 - 5:15 a.m.

CVE-2020-3567

2020-10-0805:15:15

CWE-20

cisco

web.nvd.nist.gov

cve-2020-3567

cisco

ind

rest api

dos

vulnerability

nvd

cpu utilization

denial of service

remote attacker

crafted request

validation

exploit

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

41.8%

JSON

A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of requests sent to the REST API. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to cause a permanent DoS condition that is due to high CPU utilization. Manual intervention may be required to recover the Cisco IND.

Affected configurations

Nvd

Node

ciscoindustrial_network_directorRange<1.9.0

cisconetwork_level_serviceMatch1.8\(0.142\)

cisconetwork_level_serviceMatch1.9\(0.63\)

VendorProductVersionCPE
ciscoindustrial_network_director*cpe:2.3:a:cisco:industrial_network_director:*:*:*:*:*:*:*:*
cisconetwork_level_service1.8(0.142)cpe:2.3:a:cisco:network_level_service:1.8\(0.142\):*:*:*:*:*:*:*
cisconetwork_level_service1.9(0.63)cpe:2.3:a:cisco:network_level_service:1.9\(0.63\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	industrial_network_director	*	cpe:2.3:a:cisco:industrial_network_director::::::::
cisco	network_level_service	1.8(0.142)	cpe:2.3:a:cisco:network_level_service:1.8\(0.142\):::::::*
cisco	network_level_service	1.9(0.63)	cpe:2.3:a:cisco:network_level_service:1.9\(0.63\):::::::*

CNA Affected

[
  {
    "product": "Cisco Industrial Network Director",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-dos-BwG634zn

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

41.8%

JSON

Related for CVE-2020-3567