CVE-2020-3244

A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ecs-bypass-2LqfPCL	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:asr_5000:-:::::::*
	cpe:2.3:h:cisco:asr_5500:-:::::::*
	cpe:2.3:h:cisco:asr_5700:-:::::::*

History

No history.

Information

Published : 2020-06-18 03:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-3244

Mitre link : CVE-2020-3244

CVE.ORG link : CVE-2020-3244

JSON object : View

Products Affected

cisco

asr_5700
asr_5000
asr_5500
staros

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2020-3244", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2020-06-18T03:15:11.370", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ecs-bypass-2LqfPCL", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad Enhanced Charging Service (ECS) de Routers de Servicios de Agregaci\u00f3n Cisco ASR 5000 Series, podr\u00eda permitir a un atacante remoto no autenticado omitir las reglas de clasificaci\u00f3n de tr\u00e1fico sobre un dispositivo afectado. La vulnerabilidad es debido a una comprobaci\u00f3n de entrada insuficiente del tr\u00e1fico de usuarios que atraviesa un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n HTTP malformada hacia un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante omitir las reglas de clasificaci\u00f3n de tr\u00e1fico y potencialmente evitar que sea cobrado por el consumo de tr\u00e1fico"}], "lastModified": "2021-09-17T19:00:23.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "521E4FEC-1CC7-4910-80C5-31C79D3F5393", "versionEndExcluding": "21.18.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7"}, {"criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01"}, {"criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}