CVE-2020-3511

CVSS V2 Medium 6.1 CVSS V3 High 7.4
Description
A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the ISDN Q.931 messages are processed. An attacker could exploit this vulnerability by sending a malicious ISDN Q.931 message to an affected device. A successful exploit could allow the attacker to cause the process to crash, resulting in a reload of the affected device.
Overview
  • CVE ID
  • CVE-2020-3511
  • Assigner
  • ykramarz@cisco.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2020-09-24T18:15:21
  • Last Modified Date
  • 2020-10-08T14:07:16
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:cisco:ios_xe:15.1\(4\)m:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cisco:asr_1000-x:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr_1001:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr_1001-x:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr_1002:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr_1002-x:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr_1004:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr_1006:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr_1013:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr1001-hx:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr1001-hx-rf:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr1001-x:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr1001-x-rf:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr1001-x-ws:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr1002-hx:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr1002-hx-rf:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr1002-hx-ws:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr1002-x:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr1002-x-rf:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:asr1002-x-ws:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:csr1000v:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr_1100-4p:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr_1100-8p:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr_1101:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr_1101-4p:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr_1109:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr_1109-2p:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr_1109-4p:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr_1111x:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr_1111x-8p:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr_111x:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr_1120:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr_1160:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr_422:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr_4431:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr_4461:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr1100:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr1100-4g:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr1100-4gltegb:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr1100-4gltena:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr1100-6g:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr1100-lte:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr4321\/k9:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr4321\/k9-rf:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr4321\/k9-ws:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr4331\/k9:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr4331\/k9-rf:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr4331\/k9-ws:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr4351\/k9:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr4351\/k9-rf:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:cisco:isr4351\/k9-ws:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:A/AC:L/Au:N/C:N/I:N/A:C
  • Access Vector
  • ADJACENT_NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 6.1
  • Severity
  • MEDIUM
  • Exploitability Score
  • 6.5
  • Impact Score
  • 6.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • Attack Vector
  • ADJACENT_NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • CHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 7.4
  • Base Severity
  • HIGH
  • Exploitability Score
  • 2.8
  • Impact Score
  • 4
History
Created Old Value New Value Data Type Notes
2022-05-10 17:09:47 Added to TrackCVE
2022-12-04 23:19:20 psirt@cisco.com ykramarz@cisco.com CVE Assigner updated
2022-12-04 23:19:20 2020-09-24T18:15Z 2020-09-24T18:15:21 CVE Published Date updated
2022-12-04 23:19:20 2020-10-08T14:07:16 CVE Modified Date updated
2022-12-04 23:19:20 Analyzed Vulnerability Status updated