CVE-2020-3225 — HIGH (8.6) — White Hats Nepal

Vulnerability Description

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to insufficient input processing of CIP traffic. An attacker could exploit these vulnerabilities by sending crafted CIP traffic to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Ios	12.2\(44\)ex
Cisco	Ios Xe	3.3.0xo

Related Weaknesses (CWE)

CWE-20

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cPatchVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cPatchVendor Advisory

FAQ

What is CVE-2020-3225?

CVE-2020-3225 is a vulnerability with a CVSS score of 8.6 (HIGH). Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause ...

How severe is CVE-2020-3225?

CVE-2020-3225 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3225?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco Ios Xe.