CVE-2020-3426 - OpenCVE

Vendors	Products
Cisco	1240 Connected Grid Router Ios 807 Industrial Integrated Services Router 829 Industrial Integrated Services Router 1120 Connected Grid Router 809 Industrial Integrated Services Router

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lpwa-access-cXsD7PRA	Vendor Advisory

{"containers": {"cna": {"affected": [{"product": "Cisco IOS 15.2(6)E4", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-09-24T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-264", "description": "CWE-264", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-24T18:01:14", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20200924 Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lpwa-access-cXsD7PRA"}], "source": {"advisory": "cisco-sa-ios-lpwa-access-cXsD7PRA", "defect": [["CSCvr53526"]], "discovery": "INTERNAL"}, "title": "Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-09-24T16:00:00", "ID": "CVE-2020-3426", "STATE": "PUBLIC", "TITLE": "Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS 15.2(6)E4", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "impact": {"cvss": {"baseScore": "7.5", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N ", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-264"}]}]}, "references": {"reference_data": [{"name": "20200924 Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lpwa-access-cXsD7PRA"}]}, "source": {"advisory": "cisco-sa-ios-lpwa-access-cXsD7PRA", "defect": [["CSCvr53526"]], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3426", "datePublished": "2020-09-24T00:00:00", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2020-09-24T18:01:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:-:*:*:*:*:*:*:*", "matchCriteriaId": "B6230A85-30D2-4934-A8A0-11499B7B09F8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:1120_connected_grid_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "6835F8AD-B55D-4B57-B3B5-0095E309B2B3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:1240_connected_grid_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "1AB6ACAE-8C89-48F6-95BA-DE32F4F81FE6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:807_industrial_integrated_services_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "0EEA0369-B5B1-41FD-98EE-F7F4EAB9863D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:809_industrial_integrated_services_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF4558F1-B87C-439F-AF8F-C19AACAB80E0", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:829_industrial_integrated_services_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "398D63B0-F15B-409B-AFBC-DE6C94FAF815", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n del subsistema Low Power, Wide Area (LPWA) de Cisco IOS Software para Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000), podr\u00eda permitir a un atacante remoto no autenticado conseguir acceso de lectura no autorizado a datos confidenciales o causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad es debido a la falta de mecanismos de comprobaci\u00f3n de entrada para mensajes de m\u00f3dem de protocolo virtual-LPWA (VLPWA). Un atacante podr\u00eda explotar esta vulnerabilidad mediante el suministro de paquetes dise\u00f1ados hacia un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante conseguir acceso de lectura no autorizado a datos confidenciales o hacer que la interfaz VLPWA del dispositivo afectado se apague, resultando una condici\u00f3n DoS."}], "id": "CVE-2020-3426", "lastModified": "2023-11-07T03:22:42.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2020-09-24T18:15:19.290", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lpwa-access-cXsD7PRA"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-264"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

JSON object

JSON object

JSON object