CVE-2020-3409

Published: Sep 24, 2020Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 4.0

Source: NVD

Description

A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted PROFINET packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted PROFINET packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to crash and reload, resulting in a DoS condition on the device.

Affected (4)

Products: Cisco: Ios, Ios Xe

Cisco

2 products

Ios

Ios Xe

Configuration A

2 vulnerable · 12 platform

Vulnerable Software	Affected Versions
Cisco Ios	Version 15.2(7)e
Cisco Ios Xe	Version 15.2(7)e

Running on/with	Platform Versions
Cisco Ie 4000 16gt4g E	All versions
Cisco Ie 4000 16t4g E	All versions
Cisco Ie 4000 4gc4gp4g E	All versions
Cisco Ie 4000 4gs8gp4g E	All versions
Cisco Ie 4000 4s8p4g E	All versions
Cisco Ie 4000 4t4p4g E	All versions
Cisco Ie 4000 4tc4g E	All versions
Cisco Ie 4000 8gs4g E	All versions
Cisco Ie 4000 8gt4g E	All versions
Cisco Ie 4000 8gt8gp4g E	All versions
Cisco Ie 4000 8s4g E	All versions
Cisco Ie 4000 8t4g E	All versions

Configuration B

2 vulnerable · 21 platform

Vulnerable Software	Affected Versions
Cisco Ios	Version 16.11.1a
Cisco Ios Xe	Version 16.11.1a

Running on/with	Platform Versions
Cisco Ie 3200 8p2s E	All versions
Cisco Ie 3200 8t2s E	All versions
Cisco Ie 3300 8p2s A	All versions
Cisco Ie 3300 8p2s E	All versions
Cisco Ie 3300 8t2s A	All versions
Cisco Ie 3300 8t2s E	All versions
Cisco Ie 3300 8t2x A	All versions
Cisco Ie 3300 8t2x E	All versions
Cisco Ie 3400 8p2s A	All versions
Cisco Ie 3400 8p2s E	All versions
Cisco Ie 3400 8t2s E	All versions
Cisco Iem 3300 14t2s	All versions
Cisco Iem 3300 16p	All versions
Cisco Iem 3300 16t	All versions
Cisco Iem 3300 6t2s	All versions
Cisco Iem 3300 8p	All versions
Cisco Iem 3300 8s	All versions
Cisco Iem 3300 8t	All versions
Cisco Iem 3400 8p	All versions
Cisco Iem 3400 8s	All versions
Cisco Iem 3400 8t	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-profinet-J9QMCHPB

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-profinet-J9QMCHPB

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.