CVE-2020-3511

Published: Sep 24, 2020Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 4.0

Source: NVD

Description

A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the ISDN Q.931 messages are processed. An attacker could exploit this vulnerability by sending a malicious ISDN Q.931 message to an affected device. A successful exploit could allow the attacker to cause the process to crash, resulting in a reload of the affected device.

Affected (1)

Products: Cisco: Ios Xe

Cisco

1 product

Ios Xe

Configuration A

1 vulnerable · 50 platform

Vulnerable Software	Affected Versions
Cisco Ios Xe	Version 15.1(4)m

Running on/with	Platform Versions
Cisco 1100 4g Integrated Services Router	All versions
Cisco 1100 4gltegb Integrated Services Router	All versions
Cisco 1100 4gltena Integrated Services Router	All versions
Cisco 1100 4p Integrated Services Router	All versions
Cisco 1100 6g Integrated Services Router	All versions
Cisco 1100 8p Integrated Services Router	All versions
Cisco 1100 Lte Integrated Services Router	All versions
Cisco 1100 Integrated Services Router	All versions
Cisco 1101 4p Integrated Services Router	All versions
Cisco 1101 Integrated Services Router	All versions
Cisco 1109 2p Integrated Services Router	All versions
Cisco 1109 4p Integrated Services Router	All versions
Cisco 1109 Integrated Services Router	All versions
Cisco 1111x 8p Integrated Services Router	All versions
Cisco 1111x Integrated Services Router	All versions
Cisco 111x Integrated Services Router	All versions
Cisco 1120 Integrated Services Router	All versions
Cisco 1160 Integrated Services Router	All versions
Cisco 422 Integrated Services Router	All versions
Cisco 4321/k9 Rf Integrated Services Router	All versions
Cisco 4321/k9 Ws Integrated Services Router	All versions
Cisco 4321/k9 Integrated Services Router	All versions
Cisco 4331/k9 Rf Integrated Services Router	All versions
Cisco 4331/k9 Ws Integrated Services Router	All versions
Cisco 4331/k9 Integrated Services Router	All versions
Cisco 4351/k9 Rf Integrated Services Router	All versions
Cisco 4351/k9 Ws Integrated Services Router	All versions
Cisco 4351/k9 Integrated Services Router	All versions
Cisco 4431 Integrated Services Router	All versions
Cisco 4461 Integrated Services Router	All versions
Cisco Asr1001 Hx	All versions
Cisco Asr1001 Hx Rf	All versions
Cisco Asr1001 X	All versions
Cisco Asr1001 X Rf	All versions
Cisco Asr1001 X Ws	All versions
Cisco Asr1002 Hx	All versions
Cisco Asr1002 Hx Rf	All versions
Cisco Asr1002 Hx Ws	All versions
Cisco Asr1002 X	All versions
Cisco Asr1002 X Rf	All versions
Cisco Asr1002 X Ws	All versions
Cisco Asr 1000 X	All versions
Cisco Asr 1001	All versions
Cisco Asr 1001 X	All versions
Cisco Asr 1002	All versions
Cisco Asr 1002 X	All versions
Cisco Asr 1004	All versions
Cisco Asr 1006	All versions
Cisco Asr 1013	All versions
Cisco Csr1000v	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-isdn-q931-dos-67eUZBTf

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-isdn-q931-dos-67eUZBTf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.