8.6
CVE-2020-3359
- EPSS 0.56%
- Veröffentlicht 24.09.2020 18:15:17
- Zuletzt bearbeitet 19.12.2024 13:52:35
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device. A successful exploit could cause a device to reload, resulting in a DoS condition.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Ios Xe Version16.12.1
Cisco ≫ 2610xm Version-
Cisco ≫ 2611xm Version-
Cisco ≫ 2612 Version-
Cisco ≫ 2620xm Version-
Cisco ≫ 2621xm Version-
Cisco ≫ 2650xm Version-
Cisco ≫ 2651xm Version-
Cisco ≫ 2691 Version-
Cisco ≫ Catalyst 9800-40 Version-
Cisco ≫ Catalyst 9800-80 Version-
Cisco ≫ Catalyst 9800-cl Version-
Cisco ≫ Catalyst 9800-l Version-
Cisco ≫ Catalyst 9800-l-c Version-
Cisco ≫ Catalyst 9800-l-f Version-
Cisco ≫ 2611xm Version-
Cisco ≫ 2612 Version-
Cisco ≫ 2620xm Version-
Cisco ≫ 2621xm Version-
Cisco ≫ 2650xm Version-
Cisco ≫ 2651xm Version-
Cisco ≫ 2691 Version-
Cisco ≫ Catalyst 9800-40 Version-
Cisco ≫ Catalyst 9800-80 Version-
Cisco ≫ Catalyst 9800-cl Version-
Cisco ≫ Catalyst 9800-l Version-
Cisco ≫ Catalyst 9800-l-c Version-
Cisco ≫ Catalyst 9800-l-f Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.56% | 0.657 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
| psirt@cisco.com | 8.6 | 3.9 | 4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.