CVE-2020-3449 – Cisco IOS XR Software Additional Paths Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3449
A vulnerability in the Border Gateway Protocol (BGP) additional paths feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent authorized users from monitoring the BGP status and cause the BGP process to stop processing new updates, resulting in a denial of service (DOS) condition. The vulnerability is due to an incorrect calculation of lexicographical order when displaying additional path information within Cisco IOS XR Software, which causes an infinite loop. An attacker could exploit this vulnerability by sending a specific BGP update from a BGP neighbor peer session of an affected device; an authorized user must then issue a show bgp command for the vulnerability to be exploited. A successful exploit could allow the attacker to prevent authorized users from properly monitoring the BGP status and prevent BGP from processing new updates, resulting in outdated information in the routing and forwarding tables. Una vulnerabilidad en la funcionalidad de rutas adicionales del Border Gateway Protocol (BGP) del Cisco IOS XR Software podría permitir a un atacante remoto no autenticado impedir que los usuarios autorizados monitoreen el estado de BGP y causar que el proceso de BGP deje de procesar nuevas actualizaciones, resultando en una condición de servicio (DOS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bgp-ErKEqAer • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2020-3364 – Cisco IOS XR Software Standby Route Processor Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-3364
A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XR Software, which prevents the ACL from working when applied against the standby route processor management interface. An attacker could exploit this vulnerability by attempting to access the device through the standby route processor management interface. Una vulnerabilidad en la funcionalidad Access Control List (ACL) de la interfaz de administración del procesador de ruta en espera de Cisco IOS XR Software, podría permitir a un atacante remoto no autenticado alcance las direcciones IP configuradas en la interfaz Gigabit Ethernet Management de administración del procesador de ruta en espera. La vulnerabilidad es debido a un error lógico que se introdujo en el Cisco IOS XR Software, que impide que la ACL funcione cuando se aplica contra la interfaz de administración del procesador de ruta en espera. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xracl-zbWSWREt • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVE-2020-3190 – Cisco IOS XR Software IPsec Packet Processor Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3190
A vulnerability in the IPsec packet processor of Cisco IOS XR Software could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition for IPsec sessions to an affected device. The vulnerability is due to improper handling of packets by the IPsec packet processor. An attacker could exploit this vulnerability by sending malicious ICMP error messages to an affected device that get punted to the IPsec packet processor. A successful exploit could allow the attacker to deplete IPsec memory, resulting in all future IPsec packets to an affected device being dropped by the device. Manual intervention is required to recover from this situation. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipsec-dos-q8UPX6m • CWE-400: Uncontrolled Resource Consumption •
CVE-2020-3120 – Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3120
A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. • http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos • CWE-190: Integer Overflow or Wraparound •
CVE-2020-3118 – Cisco IOS XR Software Discovery Protocol Format String Vulnerability
https://notcve.org/view.php?id=CVE-2020-3118
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. • http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce • CWE-134: Use of Externally-Controlled Format String CWE-787: Out-of-bounds Write •