HIGH✓ PATCH🇬🇧 English

CVE-2020-3422

CVSS 7.5v3.1pub. 2020-09-24upd. 2024-11-21

A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing port, resulting in a denial of service (DoS) condition. The vulnerability exists because the IP SLA responder could consume a port that could be used by another feature. An attacker could exploit this vulnerability by sending specific IP SLA control packets to the IP SLA responder on an affected device. The control packets must include the port number that could be used by another configured feature. A successful exploit could allow the attacker to cause an in-use port to be consumed by the IP SLA responder, impacting the feature that was using the port and resulting in a DoS condition.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Cisco 1100 Integrated Services Router

    HW
    Cisco
    wszystkie wersje
  • Cisco 1101 Integrated Services Router

    HW
    Cisco
    wszystkie wersje
  • Cisco 1109 Integrated Services Router

    HW
    Cisco
    wszystkie wersje
  • Cisco 1111x Integrated Services Router

    HW
    Cisco
    wszystkie wersje
  • Cisco 111x Integrated Services Router

    HW
    Cisco
    wszystkie wersje
  • Cisco 1120 Integrated Services Router

    HW
    Cisco
    wszystkie wersje
  • Cisco 1160 Integrated Services Router

    HW
    Cisco
    wszystkie wersje
  • Cisco 4221 Integrated Services Router

    HW
    Cisco
    wszystkie wersje
  • Cisco 4331 Integrated Services Router

    HW
    Cisco
    wszystkie wersje
  • Cisco 4431 Integrated Services Router

    HW
    Cisco
    wszystkie wersje
  • Cisco 4461 Integrated Services Router

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 1001 Hx

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 1001 X

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 1002 Hx

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 1002 X

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 1004

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 1006

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 1006 X

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 1009 X

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 1013

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 3650

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 3850

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9200

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9300

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9400

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9500

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9600

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9800

    HW
    Cisco
    wszystkie wersje
  • Cisco Csr 1000v

    HW
    Cisco
    wszystkie wersje
  • Cisco IOS XE

    OS
    Cisco
    16.9.3
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2023-20198CRITICAL10.0⚠ KEVten sam produkt

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in...

CVE-2018-0151CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software coul...

CVE-2017-12240CRITICAL9.8⚠ KEVten sam produkt

The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability tha...

CVE-2017-3881CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE S...

CVE-2025-20363CRITICAL9.0PL ✓ten sam produkt

RCE w web services Cisco ASA, FTD, IOS, IOS XE, IOS XR przez HTTP

CVE-2020-3422 — HIGH 7.5 | CVEbaza.pl