CVE-2020-3465

Published: Sep 24, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames onto the Ethernet segment. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Affected (2)

Products: Cisco: Ios Xe

Cisco

1 product

Ios Xe

Configuration A

2 vulnerable · 18 platform

Vulnerable Software	Affected Versions
Cisco Ios Xe	Version 16.6.9
Cisco Ios Xe	Version 17.4.1

Running on/with	Platform Versions
Cisco 1100 4p	All versions
Cisco 1100 8p	All versions
Cisco 1100 Terminal Services Gateways	All versions
Cisco 1101 4p	All versions
Cisco 1109 2p	All versions
Cisco 1109 4p	All versions
Cisco 1111x 8p	All versions
Cisco 4221 Integrated Services Router	All versions
Cisco 4331 Integrated Services Router	All versions
Cisco 4431 Integrated Services Router	All versions
Cisco 4461 Integrated Services Router	All versions
Cisco 9800 Cl	All versions
Cisco 9800 L	All versions
Cisco Csr 1000v	All versions
Cisco Esr6300	All versions
Cisco Ir 1101	All versions
Cisco Isrv	All versions
Cisco Vg400	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-le-drTOB625

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-le-drTOB625

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.