CVE-2020-3203

Published Jun 3, 2020

Last updated 3 years ago

Overview

Description: A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain public key infrastructure (PKI) packets. An attacker could exploit this vulnerability by sending crafted Secure Sockets Layer (SSL) packets to an affected device. A successful exploit could cause an affected device to continuously consume memory, which could result in a memory allocation failure that leads to a crash and causes a DoS condition.
Source: ykramarz@cisco.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.6
Impact score: 4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 8.6
Impact score: 4
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-401
ykramarz@cisco.com: CWE-400

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0ED5527C-A638-4E20-9928-099E32E17743"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A685A9A-235D-4D74-9D6C-AC49E75709CA"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43052998-0A27-4E83-A884-A94701A3F4CE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89526731-B712-43D3-B451-D7FC503D2D65"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "302933FE-4B6A-48A3-97F0-4B943251B717"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "296636F1-9242-429B-8472-90352C056106"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77993343-0394-413F-ABF9-C1215E9AD800"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "283971DD-DD58-4A76-AC2A-F316534ED416"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8F324A5-4830-482E-A684-AB3B6594CEAE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8120196-8648-49D0-8262-CD4C9C90C37A"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33E7CCE2-C685-4019-9B55-B3BECB3E5F76"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0699DD6E-BA74-4814-93AB-300329C9D032"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2E2D781-2684-45F1-AC52-636572A0DCA8"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "479FB47B-AF2E-4FCB-8DE0-400BF325666C"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF2B4C78-5C31-4F3D-9639-305E15576E79"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C09F0A2-B21F-40ED-A6A8-9A29D6E1C6A8"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77E8AF15-AB46-4EAB-8872-8C55E8601599"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "957318BE-55D4-4585-AA52-C813301D01C3"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F11B703-8A0F-47ED-AA70-951FF78B94A4"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE7B2557-821D-4E05-B5C3-67192573D97D"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EE6EC32-51E4-43A3-BFB9-A0D842D08E87"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "187F699A-AF2F-42B0-B855-27413140C384"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E0B905E-4D92-4FD6-B2FF-41FF1F59A948"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62EDEC28-661E-42EF-88F0-F62D0220D2E5"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "623BF701-ADC9-4F24-93C5-043A6A7FEF5F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FBD681F-7969-42BE-A47E-7C287755DCB5"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98255E6F-3056-487D-9157-403836EFB9D3"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57D4F634-03D5-4D9F-901C-7E9CE45F2F38"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4463A1D1-E169-4F0B-91B2-FA126BB444CB"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D97F69C3-CAA6-491C-A0B6-6DC12B5AB472"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDD58C58-1B0C-4A71-8C02-F555CEF9C253"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C9C585C-A6EC-4385-B915-046C110BF95F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EC2EE60-4A07-4D92-B9BC-BF07CF4F2BE9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47DBE4ED-1CD8-4134-9B33-17A91F44F17B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB6BD18B-B9BD-452F-986E-16A6668E46B6"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D136D2BC-FFB5-4912-A3B1-BD96148CB9A5"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A22256FE-431C-4AD9-9E7F-7EAC2D81B1B7"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADED0D82-2A4D-4235-BFAC-5EE2D862B652"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "763664F5-E6CD-4936-B2F8-C5E2D5EA7BB6"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A443E93-6C4B-4F86-BA7C-7C2A929E795A"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6ECEDD9D-6517-44BA-A95F-D1D5488C0E41"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E91F8704-6DAD-474A-84EA-04E4AF7BB9B1"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "314C7763-A64D-4023-9F3F-9A821AE4151F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5820D71D-FC93-45AA-BC58-A26A1A39C936"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC1C85DD-69CC-4AA8-B219-651D57FC3506"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C98DED36-D4B5-48D6-964E-EEEE97936700"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD98C9E8-3EA6-4160-970D-37C389576516"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9027A528-2588-4C06-810B-5BB313FE4323"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5019B59-508E-40B0-9C92-2C26F58E2FBE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "443D78BA-A3DA-4D1F-A4DF-2F426DC6B841"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F02EE9D-45B1-43D6-B05D-6FF19472216B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "838D6C2D-C131-4A9C-AAE5-5BF38E637E4B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1B9ED0E5-CB20-4106-9CF2-8EB587B33543"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B0E620C-8E09-4F7C-A326-26013173B993"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF93F1C8-669F-4ECB-8D81-ECDA7B550175"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2E0BA345-B7D7-4975-9199-4DC7875BBFD0"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4E9EA95F-4E39-4D9C-8A84-D1F6014A4A40"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EA0BC769-C244-41BD-BE80-E67F4E1CDDA4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References