CVE-2020-3512 — HIGH (7.4) — White Hats Nepal

Vulnerability Description

A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of LLDP messages in the PROFINET LLDP message handler. An attacker could exploit this vulnerability by sending a malicious LLDP message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Ios Xe	15.2\(7\)e
Cisco	Catalyst 3650-12X48Uq	-
Cisco	Catalyst 3650-12X48Ur	-
Cisco	Catalyst 3650-12X48Uz	-
Cisco	Catalyst 3650-24Pd	-
Cisco	Catalyst 3650-24Pdm	-
Cisco	Catalyst 3650-48Fqm	-
Cisco	Catalyst 3650-8X24Uq	-
Cisco	Catalyst 3850-24Xs	-
Cisco	Catalyst 3850-48Xs	-
Cisco	Catalyst 3850-Nm-2-40G	-
Cisco	Catalyst 3850-Nm-8-10G	-
Cisco	Catalyst C9200-24P	-
Cisco	Catalyst C9200-24T	-
Cisco	Catalyst C9200-48P	-
Cisco	Catalyst C9200-48T	-
Cisco	Catalyst C9200L-24P-4G	-
Cisco	Catalyst C9200L-24P-4X	-
Cisco	Catalyst C9200L-24Pxg-2Y	-
Cisco	Catalyst C9200L-24Pxg-4X	-

Related Weaknesses (CWE)

CWE-400 CWE-388

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iVendor Advisory

FAQ

What is CVE-2020-3512?

CVE-2020-3512 is a vulnerability with a CVSS score of 7.4 (HIGH). A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a c...

How severe is CVE-2020-3512?

CVE-2020-3512 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3512?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco Catalyst 3650-12X48Uq, Cisco Catalyst 3650-12X48Ur, Cisco Catalyst 3650-12X48Uz, Cisco Catalyst 3650-24Pd.