CVE-2020-3407 - Vulnerability Details

- Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability

Description

A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

Published: 2020-09-24

Score: 8.6 High

EPSS: 1.3% Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

Cisco IOS XE Software

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:cisco:ios_xe:15.8\(3\)m3:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-lte_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1101_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1111x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:111x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1120_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1160_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4221_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4331_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4431_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4451_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4461_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:asr_1000-x:-:::::::*
	cpe:2.3:h:cisco:asr_1001:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x:-:::::::*
	cpe:2.3:h:cisco:asr_1002:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
	cpe:2.3:h:cisco:asr_1004:-:::::::*
	cpe:2.3:h:cisco:asr_1006:-:::::::*
	cpe:2.3:h:cisco:asr_1013:-:::::::*
	cpe:2.3:h:cisco:asr1001-hx:-:::::::*
	cpe:2.3:h:cisco:asr1001-hx-rf:-:::::::*
	cpe:2.3:h:cisco:asr1001-x-rf:-:::::::*
	cpe:2.3:h:cisco:asr1001-x-ws:-:::::::*
	cpe:2.3:h:cisco:asr1002-hx:-:::::::*
	cpe:2.3:h:cisco:asr1002-hx-rf:-:::::::*
	cpe:2.3:h:cisco:asr1002-hx-ws:-:::::::*
	cpe:2.3:h:cisco:asr1002-x-rf:-:::::::*
	cpe:2.3:h:cisco:asr1002-x-ws:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-c:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-f:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-24p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-24t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-48p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-48t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24pxg-2y:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24pxg-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48pxg-2y:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48pxg-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24s:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-24t:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-24u:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-24ux:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-48p:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-48s:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-48t:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-48u:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-48un:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-48uxm:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-24p-4g:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-24p-4x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-24t-4g:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-24t-4x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-48p-4g:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-48p-4x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-48t-4g:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-48t-4x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9404r:-:::::::*
cpe:2.3:h:cisco:catalyst_c9407r:-:::::::*
cpe:2.3:h:cisco:catalyst_c9410r:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-12q:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-16x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-24q:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-24y4c:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-32c:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-32qc:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-40x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-48y4c:-:::::::*
cpe:2.3:h:cisco:csr_1000v::::::::
cpe:2.3:h:cisco:ws-c3650-12x48uq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-12x48ur:-:::::::*
cpe:2.3:h:cisco:ws-c3650-12x48uz:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24pd:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24pdm:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24ps:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24td:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24ts:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fd:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fqm:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fs:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48pd:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48pq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48ps:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48td:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48tq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48ts:-:::::::*
cpe:2.3:h:cisco:ws-c3650-8x24uq:-:::::::*
cpe:2.3:h:cisco:ws-c3850:-:::::::*
cpe:2.3:h:cisco:ws-c3850-12s:-:::::::*
cpe:2.3:h:cisco:ws-c3850-12x48u:-:::::::*
cpe:2.3:h:cisco:ws-c3850-12xs:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24p:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24s:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24t:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24u:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24xs:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24xu:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48f:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48p:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48t:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48u:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48xs:-:::::::*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2020-24678	A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.01258.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO

History

Wed, 13 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Cisco 1100-4g Integrated Services Router 1100-4gltegb Integrated Services Router 1100-4gltena Integrated Services Router 1100-4p Integrated Services Router 1100-6g Integrated Services Router 1100-8p Integrated Services Router 1100-lte Integrated Services Router 1100 Integrated Services Router 1101-4p Integrated Services Router 1101 Integrated Services Router 1109-2p Integrated Services Router 1109-4p Integrated Services Router 1109 Integrated Services Router 1111x-8p Integrated Services Router 1111x Integrated Services Router 111x Integrated Services Router 1120 Integrated Services Router 1160 Integrated Services Router 4221 Integrated Services Router 4331 Integrated Services Router 4431 Integrated Services Router 4451 Integrated Services Router 4461 Integrated Services Router Asr1001-hx Asr1001-hx-rf Asr1001-x-rf Asr1001-x-ws Asr1002-hx Asr1002-hx-rf Asr1002-hx-ws Asr1002-x-rf Asr1002-x-ws Asr 1000-x Asr 1001 Asr 1001-x Asr 1002 Asr 1002-x Asr 1004 Asr 1006 Asr 1013 Catalyst 9800-40 Catalyst 9800-80 Catalyst 9800-cl Catalyst 9800-l Catalyst 9800-l-c Catalyst 9800-l-f Catalyst C9200-24p Catalyst C9200-24t Catalyst C9200-48p Catalyst C9200-48t Catalyst C9200l-24p-4g Catalyst C9200l-24p-4x Catalyst C9200l-24pxg-2y Catalyst C9200l-24pxg-4x Catalyst C9200l-24t-4g Catalyst C9200l-24t-4x Catalyst C9200l-48p-4g Catalyst C9200l-48p-4x Catalyst C9200l-48pxg-2y Catalyst C9200l-48pxg-4x Catalyst C9200l-48t-4g Catalyst C9200l-48t-4x Catalyst C9300-24p Catalyst C9300-24s Catalyst C9300-24t Catalyst C9300-24u Catalyst C9300-24ux Catalyst C9300-48p Catalyst C9300-48s Catalyst C9300-48t Catalyst C9300-48u Catalyst C9300-48un Catalyst C9300-48uxm Catalyst C9300l-24p-4g Catalyst C9300l-24p-4x Catalyst C9300l-24t-4g Catalyst C9300l-24t-4x Catalyst C9300l-48p-4g Catalyst C9300l-48p-4x Catalyst C9300l-48t-4g Catalyst C9300l-48t-4x Catalyst C9404r Catalyst C9407r Catalyst C9410r Catalyst C9500-12q Catalyst C9500-16x Catalyst C9500-24q Catalyst C9500-24y4c Catalyst C9500-32c Catalyst C9500-32qc Catalyst C9500-40x Catalyst C9500-48y4c Csr 1000v Ios Xe Ws-c3650-12x48uq Ws-c3650-12x48ur Ws-c3650-12x48uz Ws-c3650-24pd Ws-c3650-24pdm Ws-c3650-24ps Ws-c3650-24td Ws-c3650-24ts Ws-c3650-48fd Ws-c3650-48fq Ws-c3650-48fqm Ws-c3650-48fs Ws-c3650-48pd Ws-c3650-48pq Ws-c3650-48ps Ws-c3650-48td Ws-c3650-48tq Ws-c3650-48ts Ws-c3650-8x24uq Ws-c3850 Ws-c3850-12s Ws-c3850-12x48u Ws-c3850-12xs Ws-c3850-24p Ws-c3850-24s Ws-c3850-24t Ws-c3850-24u Ws-c3850-24xs Ws-c3850-24xu Ws-c3850-48f Ws-c3850-48p Ws-c3850-48t Ws-c3850-48u Ws-c3850-48xs

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2020-09-24T18:02:04.555Z

Updated: 2024-11-13T17:55:10.495Z

Reserved: 2019-12-12T00:00:00.000Z

Link: CVE-2020-3407

Vulnrichment

Updated: 2024-08-04T07:30:58.445Z

NVD

Status : Modified

Published: 2020-09-24T18:15:18.183

Modified: 2024-11-21T05:30:58.237

Link: CVE-2020-3407

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object