CVE-2020-3421

Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS v3.0 7.5 HIGH
CVSS v2.0 7.1 HIGH

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.1^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-94ckG4G	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:ios_xe:16.9.3:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:asr_1001-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x:-:::::::*
	cpe:2.3:h:cisco:asr_1002-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
	cpe:2.3:h:cisco:asr_1004:-:::::::*
	cpe:2.3:h:cisco:asr_1006:-:::::::*
	cpe:2.3:h:cisco:asr_1006-x:-:::::::*
	cpe:2.3:h:cisco:asr_1009-x:-:::::::*
	cpe:2.3:h:cisco:asr_1013:-:::::::*
	cpe:2.3:h:cisco:isr_4221:-:::::::*
	cpe:2.3:h:cisco:isr_4321:-:::::::*
	cpe:2.3:h:cisco:isr_4331:-:::::::*
	cpe:2.3:h:cisco:isr_4351:-:::::::*
	cpe:2.3:h:cisco:isr_4431:-:::::::*
	cpe:2.3:h:cisco:isr_4461:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:ios_xe:17.2:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:asr_1001-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x:-:::::::*
	cpe:2.3:h:cisco:asr_1002-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
	cpe:2.3:h:cisco:asr_1004:-:::::::*
	cpe:2.3:h:cisco:asr_1006:-:::::::*
	cpe:2.3:h:cisco:asr_1006-x:-:::::::*
	cpe:2.3:h:cisco:asr_1009-x:-:::::::*
	cpe:2.3:h:cisco:asr_1013:-:::::::*
	cpe:2.3:h:cisco:csr_1000v:-:::::::*
	cpe:2.3:h:cisco:isr_1100:-:::::::*
	cpe:2.3:h:cisco:isr_4221:-:::::::*
	cpe:2.3:h:cisco:isr_4331:-:::::::*
	cpe:2.3:h:cisco:isr_4431:-:::::::*
	cpe:2.3:h:cisco:isr_4461:-:::::::*
	cpe:2.3:h:cisco:isr_1101:-:::::::*
	cpe:2.3:h:cisco:isr_1109:-:::::::*
	cpe:2.3:h:cisco:isr_111x:-:::::::*
	cpe:2.3:h:cisco:isr_1111x:-:::::::*
	cpe:2.3:h:cisco:isr_1120:-:::::::*
	cpe:2.3:h:cisco:isr_1160:-:::::::*

Information

Published : 2020-09-24 11:15

Updated : 2020-10-08 18:13

NVD link : CVE-2020-3421

Mitre link : CVE-2020-3421

JSON object : View

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

Products Affected

cisco

isr_4431
asr_1006-x
asr_1001-hx
isr_4351
ios_xe
asr_1013
asr_1006
isr_1100
isr_4221
isr_4321
isr_111x
isr_1160
isr_1120
isr_4331
asr_1002-x
asr_1009-x
isr_1109
asr_1002-hx
isr_1111x
csr_1000v
asr_1001-x
asr_1004
isr_4461
isr_1101

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.1 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2020-3421

7.5^/10

7.1^/10

Attach tags to `CVE-2020-3421`