← volver
CVE-2020-3409

Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability

CVSS 7.4 HIGHEPSS 0.5%CWE-20
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.4EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
24 sep 2020Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted PROFINET packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted PROFINET packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to crash and reload, resulting in a DoS condition on the device.
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Productos afectados
Cisco · Cisco IOS