Critical Vulnerabilities in Cisco IOS Software

Published on 05 Jun 2020

Updated on 05 Jun 2020

Cisco has released patches to address 4 critical vulnerabilities found in their Cisco IOS Software.

The vulnerabilities are presented according to their severity classification, which is based on their CVSSv3 base scores:

Critical: vulnerabilities with a base score of 9.0 to 10.0
High: vulnerabilities with a base score of 7.0 to 8.9
Medium: vulnerabilities with a base score of 4.0 to 6.9
Low: vulnerabilities with a base score of 0.1 to 3.9
None: vulnerabilities with a base score of 0.0


VULNERABILITIES

CVE-2020-3227
  Description: The vulnerability is due to incorrect handling of requests for authorisation tokens.
  Base Score: 9.8
  Affected Product: Cisco IOS XE Software releases 16.3.1 and later if they are configured with the IOx application hosting infrastructure.

CVE-2020-3205
  Description: The vulnerability is due to insufficient validation of signaling packets that are going into the Virtual Device Server (VDS).
  Base Score: 8.8
  Affected Product: Cisco 809 and 829 Industrial Integrated Service Routers (ISRs); Connected Grid Routers (CGRs) 1000

CVE-2020-3198
  Description: The vulnerability is due to incorrect bounds checking of certain values in packets that are going into UDP port 9700 of an affected device.
  Base Score: 9.8
  Affected Product: Cisco 809 and 829 Industrial Integrated Service Routers (ISRs); Connected Grid Routers (CGRs) 1000

CVE-2020-3258
  Description: The vulnerability in the affected software permits modification of the device's run-time memory.
  Base Score: 9.8
  Affected Product: Cisco 809 and 829 Industrial Integrated Service Routers (ISRs); Connected Grid Routers (CGRs) 1000


Users and system administrators of the affected products are advised to install the latest security updates immediately.

More information is available here:
https://www.helpnetsecurity.com/2020/06/04/cisco-plugs-security-holes/
https://www.securityweek.com/cisco-patches-dozen-vulnerabilities-industrial-routers