CVE-2020-3221

Published Jun 3, 2020

Last updated 3 years ago

Overview

Description: A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device.
Source: ykramarz@cisco.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.6
Impact score: 4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 8.6
Impact score: 4
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-20
ykramarz@cisco.com: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB6BD18B-B9BD-452F-986E-16A6668E46B6"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D136D2BC-FFB5-4912-A3B1-BD96148CB9A5"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A22256FE-431C-4AD9-9E7F-7EAC2D81B1B7"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADED0D82-2A4D-4235-BFAC-5EE2D862B652"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "763664F5-E6CD-4936-B2F8-C5E2D5EA7BB6"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A443E93-6C4B-4F86-BA7C-7C2A929E795A"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E91F8704-6DAD-474A-84EA-04E4AF7BB9B1"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "314C7763-A64D-4023-9F3F-9A821AE4151F"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5820D71D-FC93-45AA-BC58-A26A1A39C936"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC1C85DD-69CC-4AA8-B219-651D57FC3506"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C98DED36-D4B5-48D6-964E-EEEE97936700"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD98C9E8-3EA6-4160-970D-37C389576516"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9027A528-2588-4C06-810B-5BB313FE4323"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7745ED34-D59D-49CC-B174-96BCA03B3374"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1B9ED0E5-CB20-4106-9CF2-8EB587B33543"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B0E620C-8E09-4F7C-A326-26013173B993"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF93F1C8-669F-4ECB-8D81-ECDA7B550175"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2E0BA345-B7D7-4975-9199-4DC7875BBFD0"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4E9EA95F-4E39-4D9C-8A84-D1F6014A4A40"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EA0BC769-C244-41BD-BE80-E67F4E1CDDA4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References