CVE-2020-3421

CVE Database · CVE-2020-3421

CVE-2020-3421

· HIGHModified

CVSS v3.1

8.6

EPSS

1.91%

Published

Sep 24, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Weaknesses (CWE)

CWE-754CWE-754

Affected Products (38)

cisco · ios_xevulnerable

cisco · 4221_integrated_services_router

cisco · 4321_integrated_services_router

cisco · 4331_integrated_services_router

cisco · 4351_integrated_services_router

cisco · 4431_integrated_services_router

cisco · 4461_integrated_services_router

cisco · asr_1001-hx

cisco · asr_1001-x

cisco · asr_1002-hx

cisco · asr_1002-x

cisco · asr_1004

cisco · asr_1006

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-94ckG4G

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-94ckG4G

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs