CVE-2020-3147

EPSS 4.1%
Published 30.01.2020 19:15:11
Last modified 21.11.2024 05:30:25
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This vulnerability affects firmware releases prior than 1.3.7.18

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Sg200-50 Firmware Version < 1.3.7.18

Cisco ≫ Sg200-50 Version-

Cisco ≫ Sg200-50p Firmware Version < 1.3.7.18

Cisco ≫ Sg200-50p Version-

Cisco ≫ Sg200-50fp Firmware Version < 1.3.7.18

Cisco ≫ Sg200-50fp Version-

Cisco ≫ Sg200-26 Firmware Version < 1.3.7.18

Cisco ≫ Sg200-26 Version-

Cisco ≫ Sg200-26p Firmware Version < 1.3.7.18

Cisco ≫ Sg200-26p Version-

Cisco ≫ Sg200-26fp Firmware Version < 1.3.7.18

Cisco ≫ Sg200-26fp Version-

Cisco ≫ Sg200-18 Firmware Version < 1.3.7.18

Cisco ≫ Sg200-18 Version-

Cisco ≫ Sg200-10fp Firmware Version < 1.3.7.18

Cisco ≫ Sg200-10fp Version-

Cisco ≫ Sg200-08 Firmware Version < 1.3.7.18

Cisco ≫ Sg200-08 Version-

Cisco ≫ Sg200-08p Firmware Version < 1.3.7.18

Cisco ≫ Sg200-08p Version-

Cisco ≫ Sg200-24 Firmware Version < 1.3.7.18

Cisco ≫ Sg200-24 Version-

Cisco ≫ Sg200-24p Firmware Version < 1.3.7.18

Cisco ≫ Sg200-24p Version-

Cisco ≫ Sg200-24fp Firmware Version < 1.3.7.18

Cisco ≫ Sg200-24fp Version-

Cisco ≫ Sg200-48 Firmware Version < 1.3.7.18

Cisco ≫ Sg200-48 Version-

Cisco ≫ Sg200-48p Firmware Version < 1.3.7.18

Cisco ≫ Sg200-48p Version-

Cisco ≫ Sf302-08pp Firmware Version < 1.3.7.18

Cisco ≫ Sf302-08pp Version-

Cisco ≫ Sf302-08mpp Firmware Version < 1.3.7.18

Cisco ≫ Sf302-08mpp Version-

Cisco ≫ Sg300-10pp Firmware Version < 1.3.7.18

Cisco ≫ Sg300-10pp Version-

Cisco ≫ Sg300-10mpp Firmware Version < 1.3.7.18

Cisco ≫ Sg300-10mpp Version-

Cisco ≫ Sf300-24pp Firmware Version < 1.3.7.18

Cisco ≫ Sf300-24pp Version-

Cisco ≫ Sf300-48pp Firmware Version < 1.3.7.18

Cisco ≫ Sf300-48pp Version-

Cisco ≫ Sg300-28pp Firmware Version < 1.3.7.18

Cisco ≫ Sg300-28pp Version-

Cisco ≫ Sf300-08 Firmware Version < 1.3.7.18

Cisco ≫ Sf300-08 Version-

Cisco ≫ Sf300-48p Firmware Version < 1.3.7.18

Cisco ≫ Sf300-48p Version-

Cisco ≫ Sg300-10mp Firmware Version < 1.3.7.18

Cisco ≫ Sg300-10mp Version-

Cisco ≫ Sg300-10p Firmware Version < 1.3.7.18

Cisco ≫ Sg300-10p Version-

Cisco ≫ Sg300-10 Firmware Version < 1.3.7.18

Cisco ≫ Sg300-10 Version-

Cisco ≫ Sg300-28p Firmware Version < 1.3.7.18

Cisco ≫ Sg300-28p Version-

Cisco ≫ Sf300-24p Firmware Version < 1.3.7.18

Cisco ≫ Sf300-24p Version-

Cisco ≫ Sf302-08mp Firmware Version < 1.3.7.18

Cisco ≫ Sf302-08mp Version-

Cisco ≫ Sg300-28 Firmware Version < 1.3.7.18

Cisco ≫ Sg300-28 Version-

Cisco ≫ Sf300-48 Firmware Version < 1.3.7.18

Cisco ≫ Sf300-48 Version-

Cisco ≫ Sg300-20 Firmware Version < 1.3.7.18

Cisco ≫ Sg300-20 Version-

Cisco ≫ Sf302-08p Firmware Version < 1.3.7.18

Cisco ≫ Sf302-08p Version-

Cisco ≫ Sg300-52 Firmware Version < 1.3.7.18

Cisco ≫ Sg300-52 Version-

Cisco ≫ Sf300-24 Firmware Version < 1.3.7.18

Cisco ≫ Sf300-24 Version-

Cisco ≫ Sf302-08 Firmware Version < 1.3.7.18

Cisco ≫ Sf302-08 Version-

Cisco ≫ Sf300-24mp Firmware Version < 1.3.7.18

Cisco ≫ Sf300-24mp Version-

Cisco ≫ Sg300-10sfp Firmware Version < 1.3.7.18

Cisco ≫ Sg300-10sfp Version-

Cisco ≫ Sg300-28mp Firmware Version < 1.3.7.18

Cisco ≫ Sg300-28mp Version-

Cisco ≫ Sg300-52p Firmware Version < 1.3.7.18

Cisco ≫ Sg300-52p Version-

Cisco ≫ Sg300-52mp Firmware Version < 1.3.7.18

Cisco ≫ Sg300-52mp Version-

Cisco ≫ Sg500-28mpp Firmware Version < 1.3.7.18

Cisco ≫ Sg500-28mpp Version-

Cisco ≫ Sg500-52mp Firmware Version < 1.3.7.18

Cisco ≫ Sg500-52mp Version-

Cisco ≫ Sg500xg-8f8t Firmware Version < 1.3.7.18

Cisco ≫ Sg500xg-8f8t Version-

Cisco ≫ Sf500-24 Firmware Version < 1.3.7.18

Cisco ≫ Sf500-24 Version-

Cisco ≫ Sf500-24p Firmware Version < 1.3.7.18

Cisco ≫ Sf500-24p Version-

Cisco ≫ Sf500-48 Firmware Version < 1.3.7.18

Cisco ≫ Sf500-48 Version-

Cisco ≫ Sf500-48p Firmware Version < 1.3.7.18

Cisco ≫ Sf500-48p Version-

Cisco ≫ Sg500-28 Firmware Version < 1.3.7.18

Cisco ≫ Sg500-28 Version-

Cisco ≫ Sg500-28p Firmware Version < 1.3.7.18

Cisco ≫ Sg500-28p Version-

Cisco ≫ Sg500-52 Firmware Version < 1.3.7.18

Cisco ≫ Sg500-52 Version-

Cisco ≫ Sg500-52p Firmware Version < 1.3.7.18

Cisco ≫ Sg500-52p Version-

Cisco ≫ Sg500x-24 Firmware Version < 1.3.7.18

Cisco ≫ Sg500x-24 Version-

Cisco ≫ Sg500x-24p Firmware Version < 1.3.7.18

Cisco ≫ Sg500x-24p Version-

Cisco ≫ Sg500x-48 Firmware Version < 1.3.7.18

Cisco ≫ Sg500x-48 Version-

Cisco ≫ Sg500x-48p Firmware Version < 1.3.7.18

Cisco ≫ Sg500x-48p Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.1%	0.881

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C
psirt@cisco.com	8.6	3.9	4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smlbus-switch-dos-R6VquS2u

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3147

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3147

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3147

EUVD