CVE-2020-3225
Description
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to insufficient input processing of CIP traffic. An attacker could exploit these vulnerabilities by sending crafted CIP traffic to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.033
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities For Cisco IOS | NCM |
| Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities For Cisco IOS XE Software | NCM |
| Improper Input Validation Vulnerability (CVE-2020-3225) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706090 | Security Update for Cisco IOS Amsterdam-17.2.1r |
| PATCH-1706107 | Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234