7.1

CVE-2020-3220

A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated, remote attacker to disconnect legitimate IPsec VPN sessions to an affected device. The vulnerability is due to insufficient verification of authenticity of received Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by tampering with ESP cleartext values as a man-in-the-middle.

Data is provided by the National Vulnerability Database (NVD)
CiscoIos Xe Version16.4.1
CiscoIos Xe Version16.4.2
CiscoIos Xe Version16.4.3
CiscoIos Xe Version16.5.1
CiscoIos Xe Version16.5.1a
CiscoIos Xe Version16.5.1b
CiscoIos Xe Version16.5.2
CiscoIos Xe Version16.5.3
CiscoIos Xe Version16.6.1
CiscoIos Xe Version16.6.2
CiscoIos Xe Version16.6.3
CiscoIos Xe Version16.6.4
CiscoIos Xe Version16.6.4a
CiscoIos Xe Version16.6.4s
CiscoIos Xe Version16.6.5
CiscoIos Xe Version16.6.5a
CiscoIos Xe Version16.6.5b
CiscoIos Xe Version16.6.6
CiscoIos Xe Version16.7.1
CiscoIos Xe Version16.7.1a
CiscoIos Xe Version16.7.1b
CiscoIos Xe Version16.7.2
CiscoIos Xe Version16.7.3
CiscoIos Xe Version16.7.4
CiscoIos Xe Version16.8.1
CiscoIos Xe Version16.8.1a
CiscoIos Xe Version16.8.1b
CiscoIos Xe Version16.8.1c
CiscoIos Xe Version16.8.1d
CiscoIos Xe Version16.8.1e
CiscoIos Xe Version16.8.1s
CiscoIos Xe Version16.8.2
CiscoIos Xe Version16.8.3
CiscoIos Xe Version16.9.1
CiscoIos Xe Version16.9.1a
CiscoIos Xe Version16.9.1b
CiscoIos Xe Version16.9.1c
CiscoIos Xe Version16.9.1d
CiscoIos Xe Version16.9.1s
CiscoIos Xe Version16.9.2
CiscoIos Xe Version16.9.2a
CiscoIos Xe Version16.9.2s
CiscoIos Xe Version16.9.3
CiscoIos Xe Version16.9.3a
CiscoIos Xe Version16.9.3h
CiscoIos Xe Version16.9.3s
CiscoIos Xe Version16.10.1
CiscoIos Xe Version16.10.1a
CiscoIos Xe Version16.10.1b
CiscoIos Xe Version16.10.1c
CiscoIos Xe Version16.10.1d
CiscoIos Xe Version16.10.1e
CiscoIos Xe Version16.10.1f
CiscoIos Xe Version16.10.1g
CiscoIos Xe Version16.10.1s
CiscoIos Xe Version16.10.2
CiscoIos Xe Version16.11.1
CiscoIos Xe Version16.11.1a
CiscoIos Xe Version16.11.1b
CiscoIos Xe Version16.11.1c
CiscoIos Xe Version16.11.1s
CiscoIos Xe Version16.12.1
CiscoIos Xe Version16.12.1a
CiscoIos Xe Version16.12.1c
CiscoIos Xe Version16.12.1s
CiscoIos Xe Version16.12.1t
CiscoIos Xe Version16.12.1w
CiscoIos Xe Version16.12.1y
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.42% 0.613
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 2.2 4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
psirt@cisco.com 6.8 2.2 4
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.