CVE-2020-3220

03.06.2020, 18:15

A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated, remote attacker to disconnect legitimate IPsec VPN sessions to an affected device. The vulnerability is due to insufficient verification of authenticity of received Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by tampering with ESP cleartext values as a man-in-the-middle.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.8 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
cisco	CNA	6.8 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 60%

Vendor	Product	Version
cisco	ios_xe	16.4.1
cisco	ios_xe	16.4.2
cisco	ios_xe	16.4.3
cisco	ios_xe	16.5.1
cisco	ios_xe	16.5.1a:a
cisco	ios_xe	16.5.1b:b
cisco	ios_xe	16.5.2
cisco	ios_xe	16.5.3
cisco	ios_xe	16.6.1
cisco	ios_xe	16.6.2
cisco	ios_xe	16.6.3
cisco	ios_xe	16.6.4
cisco	ios_xe	16.6.4a:a
cisco	ios_xe	16.6.4s:s
cisco	ios_xe	16.6.5
cisco	ios_xe	16.6.5a:a
cisco	ios_xe	16.6.5b:b
cisco	ios_xe	16.6.6
cisco	ios_xe	16.7.1
cisco	ios_xe	16.7.1a:a
cisco	ios_xe	16.7.1b:b
cisco	ios_xe	16.7.2
cisco	ios_xe	16.7.3
cisco	ios_xe	16.7.4
cisco	ios_xe	16.8.1
cisco	ios_xe	16.8.1a:a
cisco	ios_xe	16.8.1b:b
cisco	ios_xe	16.8.1c:c
cisco	ios_xe	16.8.1d:d
cisco	ios_xe	16.8.1e:e
cisco	ios_xe	16.8.1s:s
cisco	ios_xe	16.8.2
cisco	ios_xe	16.8.3
cisco	ios_xe	16.9.1
cisco	ios_xe	16.9.1a:a
cisco	ios_xe	16.9.1b:b
cisco	ios_xe	16.9.1c:c
cisco	ios_xe	16.9.1d:d
cisco	ios_xe	16.9.1s:s
cisco	ios_xe	16.9.2
cisco	ios_xe	16.9.2a:a
cisco	ios_xe	16.9.2s:s
cisco	ios_xe	16.9.3
cisco	ios_xe	16.9.3a:a
cisco	ios_xe	16.9.3h:h
cisco	ios_xe	16.9.3s:s
cisco	ios_xe	16.10.1
cisco	ios_xe	16.10.1a:a
cisco	ios_xe	16.10.1b:b
cisco	ios_xe	16.10.1c:c
cisco	ios_xe	16.10.1d:d
cisco	ios_xe	16.10.1e:e
cisco	ios_xe	16.10.1f:f
cisco	ios_xe	16.10.1g:g
cisco	ios_xe	16.10.1s:s
cisco	ios_xe	16.10.2
cisco	ios_xe	16.11.1
cisco	ios_xe	16.11.1a:a
cisco	ios_xe	16.11.1b:b
cisco	ios_xe	16.11.1c:c
cisco	ios_xe	16.11.1s:s
cisco	ios_xe	16.12.1
cisco	ios_xe	16.12.1a:a
cisco	ios_xe	16.12.1c:c
cisco	ios_xe	16.12.1s:s
cisco	ios_xe	16.12.1t:t
cisco	ios_xe	16.12.1w:w
cisco	ios_xe	16.12.1y:y

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-345 - Insufficient Verification of Data Authenticity
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-vpn-dos-edOmW28Z