Vulnerability Description
A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial-of-service condition on an affected device. The vulnerability is due to insufficient error handling when parsing DNS requests. An attacker could exploit this vulnerability by sending a series of malicious DNS requests to an Umbrella Connector client interface of an affected device. A successful exploit could allow the attacker to cause a crash of the iosd process, which triggers a reload of the affected device.
CVSS Score
8.6 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | IOS XE | 16.12.1 |
| Cisco | Catalyst C9200-24P | - |
| Cisco | Catalyst C9200-24T | - |
| Cisco | Catalyst C9200-48P | - |
| Cisco | Catalyst C9200-48T | - |
| Cisco | Catalyst C9200L-24P-4G | - |
| Cisco | Catalyst C9200L-24P-4X | - |
| Cisco | Catalyst C9200L-24PXG-2Y | - |
| Cisco | Catalyst C9200L-24PXG-4X | - |
| Cisco | Catalyst C9200L-24T-4G | - |
| Cisco | Catalyst C9200L-24T-4X | - |
| Cisco | Catalyst C9200L-48P-4G | - |
| Cisco | Catalyst C9200L-48P-4X | - |
| Cisco | Catalyst C9200L-48PXG-2Y | - |
| Cisco | Catalyst C9200L-48PXG-4X | - |
| Cisco | Catalyst C9200L-48T-4G | - |
| Cisco | Catalyst C9200L-48T-4X | - |
| Cisco | Catalyst C9300-24P | - |
| Cisco | Catalyst C9300-24S | - |
| Cisco | Catalyst C9300-24T | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-i (Vendor Advisory)
FAQ
What is CVE-2020-3510?
CVE-2020-3510 is a vulnerability with a CVSS score of 8.6 (HIGH). A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a...
How severe is CVE-2020-3510?
CVE-2020-3510 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-3510?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco IOS XE, Cisco Catalyst C9200-24P, Cisco Catalyst C9200-24T, Cisco Catalyst C9200-48P, Cisco Catalyst C9200-48T.