Critical Vulnerabilities in Cisco IOS Software
5 June 2020
Cisco has released patches to address 4 critical vulnerabilities in its Cisco IOS Software.
The vulnerabilities are presented according to their severity classification, which is based on their CVSSv3 base scores:
Critical vulnerabilities
Severity | Definition |
---|---|
Critical | vulnerabilities with a base score of 9.0 to 10.0 |
High | vulnerabilities with a base score of 7.0 to 8.9 |
Medium | vulnerabilities with a base score of 4.0 to 6.9 |
Low | vulnerabilities with a base score of 0.1 to 3.9 |
None | vulnerabilities with a base score of 0.0 |
Vulnerabilities
CVE Number | Description | Base Score | Affected Product |
---|---|---|---|
CVE-2020-3227 | The vulnerability exists in the incorrect handling of requests for authorisation tokens. | 9.8 | Cisco IOS XE Software releases 16.3.1 and later if they are configured with the IOx application hosting infrastructure. |
CVE-2020-3205 | The vulnerability exists in the insufficient validation of signaling packets that are going into Virtual Device Server (VDS). | 8.8 | Cisco 809 and 829 Industrial Integrated Service Routers (ISRs) |
CVE-2020-3198 | The vulnerability exists in the incorrect bounds checking of certain values in packets that are going into UDP port 9700 of an affected device. | 9.8 | Cisco 809 and 829 Industrial Integrated Service Routers (ISRs) |
CVE-2020-3258 | The vulnerability exists in the affected software which permits modification of the device's run-time memory. | 9.8 | Cisco 809 and 829 Industrial Integrated Service Routers (ISRs) |
Users and system administrators of the affected products are advised to install the latest security updates immediately.
More information is available here:
https://www.helpnetsecurity.com/2020/06/04/cisco-plugs-security-holes/
https://www.securityweek.com/cisco-patches-dozen-vulnerabilities-industrial-routers