CVE-2020-3479

CVE Database · CVE-2020-3479

CVE-2020-3479

· MEDIUMModified

CVSS v3.1

6.1

EPSS

1.08%

Published

Sep 24, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of Border Gateway Protocol (BGP) update messages that contain crafted EVPN attributes. An attacker could exploit this vulnerability by sending BGP update messages with specific, malformed attributes to an affected device. A successful exploit could allow the attacker to cause an affected device to crash, resulting in a DoS condition.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H

Weaknesses (CWE)

CWE-20CWE-400

Affected Products (26)

cisco · iosvulnerable

cisco · ios_xevulnerable

cisco · 1100_integrated_services_router

cisco · 1101_integrated_services_router

cisco · 1109_integrated_services_router

cisco · 1111x_integrated_services_router

cisco · 111x_integrated_services_router

cisco · 1120_integrated_services_router

cisco · 1160_integrated_services_router

cisco · 4221_integrated_services_router

cisco · 4321_integrated_services_router

cisco · 4331_integrated_services_router

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-bgp-evpn-dos-LNfYJxfF

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-bgp-evpn-dos-LNfYJxfF

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs