Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3364

A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XR Software, which prevents the ACL from working when applied against the standby route processor management interface. An attacker could exploit this vulnerability by attempting to access the device through the standby route processor management interface.

Published

2020-06-18T03:15:14.697

Last Modified

2024-11-21T05:30:53.177

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-284
Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xr	6.7.1	Yes
Operating System	cisco	ios_xr	7.0.2	Yes
Operating System	cisco	ios_xr	7.0.11	Yes
Operating System	cisco	ios_xr	7.0.12	Yes
Operating System	cisco	ios_xr	7.1.1	Yes
Operating System	cisco	ios_xr	7.1.15	Yes

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xracl-zbWSWREt Mitigation, Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xracl-zbWSWREt Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)