CVE-2020-3407

A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

CVSS v3 8.6 HIGH
CVSS v2.0 7.1 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

7.1^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:ios_xe:15.8\(3\)m3:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-lte_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1101_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1111x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:111x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1120_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1160_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4221_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4331_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4431_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4451_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4461_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:asr_1000-x:-:::::::*
	cpe:2.3:h:cisco:asr_1001:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x:-:::::::*
	cpe:2.3:h:cisco:asr_1002:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
	cpe:2.3:h:cisco:asr_1004:-:::::::*
	cpe:2.3:h:cisco:asr_1006:-:::::::*
	cpe:2.3:h:cisco:asr_1013:-:::::::*
	cpe:2.3:h:cisco:asr1001-hx:-:::::::*
	cpe:2.3:h:cisco:asr1001-hx-rf:-:::::::*
	cpe:2.3:h:cisco:asr1001-x-rf:-:::::::*
	cpe:2.3:h:cisco:asr1001-x-ws:-:::::::*
	cpe:2.3:h:cisco:asr1002-hx:-:::::::*
	cpe:2.3:h:cisco:asr1002-hx-rf:-:::::::*
	cpe:2.3:h:cisco:asr1002-hx-ws:-:::::::*
	cpe:2.3:h:cisco:asr1002-x-rf:-:::::::*
	cpe:2.3:h:cisco:asr1002-x-ws:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-c:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l-f:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-24p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-24t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-48p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200-48t:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24pxg-2y:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24pxg-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-24t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48p-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48p-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48pxg-2y:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48pxg-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48t-4g:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9200l-48t-4x:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24p:-:::::::*
	cpe:2.3:h:cisco:catalyst_c9300-24s:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-24t:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-24u:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-24ux:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-48p:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-48s:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-48t:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-48u:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-48un:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300-48uxm:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-24p-4g:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-24p-4x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-24t-4g:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-24t-4x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-48p-4g:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-48p-4x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-48t-4g:-:::::::*
cpe:2.3:h:cisco:catalyst_c9300l-48t-4x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9404r:-:::::::*
cpe:2.3:h:cisco:catalyst_c9407r:-:::::::*
cpe:2.3:h:cisco:catalyst_c9410r:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-12q:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-16x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-24q:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-24y4c:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-32c:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-32qc:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-40x:-:::::::*
cpe:2.3:h:cisco:catalyst_c9500-48y4c:-:::::::*
cpe:2.3:h:cisco:csr_1000v::::::::
cpe:2.3:h:cisco:ws-c3650-12x48uq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-12x48ur:-:::::::*
cpe:2.3:h:cisco:ws-c3650-12x48uz:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24pd:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24pdm:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24ps:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24td:-:::::::*
cpe:2.3:h:cisco:ws-c3650-24ts:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fd:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fqm:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48fs:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48pd:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48pq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48ps:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48td:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48tq:-:::::::*
cpe:2.3:h:cisco:ws-c3650-48ts:-:::::::*
cpe:2.3:h:cisco:ws-c3650-8x24uq:-:::::::*
cpe:2.3:h:cisco:ws-c3850:-:::::::*
cpe:2.3:h:cisco:ws-c3850-12s:-:::::::*
cpe:2.3:h:cisco:ws-c3850-12x48u:-:::::::*
cpe:2.3:h:cisco:ws-c3850-12xs:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24p:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24s:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24t:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24u:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24xs:-:::::::*
cpe:2.3:h:cisco:ws-c3850-24xu:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48f:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48p:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48t:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48u:-:::::::*
cpe:2.3:h:cisco:ws-c3850-48xs:-:::::::*

History

21 Nov 2024, 05:30

Type	Values Removed	Values Added
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO - Vendor Advisory

23 May 2023, 13:55

Type	Values Removed	Values Added
CPE	cpe:2.3:h:cisco:isr1100-lte:-:::::::* cpe:2.3:h:cisco:isr1100-4gltena:-:::::::* cpe:2.3:h:cisco:isr1100:-:::::::* cpe:2.3:h:cisco:isr1100-6g:-:::::::* cpe:2.3:h:cisco:isr1100-4g:-:::::::* cpe:2.3:h:cisco:isr1100-4gltegb:-:::::::*	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-lte_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:::::::*

22 May 2023, 18:57

Type	Values Removed	Values Added
CPE	cpe:2.3:h:cisco:isr_1100-8p:-:::::::* cpe:2.3:h:cisco:isr_1101:-:::::::* cpe:2.3:h:cisco:isr_1109-2p:-:::::::* cpe:2.3:h:cisco:isr_1120:-:::::::* cpe:2.3:h:cisco:isr_1111x:-:::::::* cpe:2.3:h:cisco:isr_1111x-8p:-:::::::* cpe:2.3:h:cisco:isr_1160:-:::::::* cpe:2.3:h:cisco:isr_1100-4p:-:::::::* cpe:2.3:h:cisco:isr_111x:-:::::::* cpe:2.3:h:cisco:isr_1109-4p:-:::::::* cpe:2.3:h:cisco:isr_1101-4p:-:::::::* cpe:2.3:h:cisco:isr_1109:-:::::::*	cpe:2.3:h:cisco:1160_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1109_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1120_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1111x_integrated_services_router:-:::::::* cpe:2.3:h:cisco:111x_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1101_integrated_services_router:-:::::::*

22 May 2023, 17:08

Type	Values Removed	Values Added
CPE	cpe:2.3:h:cisco:integrated_services_router_4461:-:::::::* cpe:2.3:h:cisco:integrated_services_router_4331:-:::::::* cpe:2.3:h:cisco:integrated_services_router_4451:-:::::::* cpe:2.3:h:cisco:integrated_services_router_4221:-:::::::* cpe:2.3:h:cisco:integrated_services_router_4431:-:::::::*	cpe:2.3:h:cisco:4451_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4221_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4331_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4461_integrated_services_router:-:::::::* cpe:2.3:h:cisco:4431_integrated_services_router:-:::::::*

27 Oct 2022, 15:47

Type	Values Removed	Values Added
CPE	cpe:2.3:a:cisco:ios_xe:15.8\(3\)m3:::::::*	cpe:2.3:o:cisco:ios_xe:15.8\(3\)m3:::::::*

Information

Published : 2020-09-24 18:15

Updated : 2024-11-21 05:30

NVD link : CVE-2020-3407

Mitre link : CVE-2020-3407

CVE.ORG link : CVE-2020-3407

JSON object : View

Products Affected

cisco

asr1002-hx-rf
ws-c3650-24pdm
catalyst_c9300-48s
ws-c3650-12x48uq
ws-c3650-24ps
catalyst_c9300l-48p-4g
ws-c3650-24td
asr_1001-x
4461_integrated_services_router
asr1001-hx
ws-c3650-48fq
ws-c3650-48pd
catalyst_c9300-48u
asr_1013
4331_integrated_services_router
csr_1000v
ws-c3850-12x48u
catalyst_c9500-12q
catalyst_c9300-48uxm
asr_1000-x
4451_integrated_services_router
catalyst_c9200l-48t-4g
ws-c3850-24s
catalyst_c9200l-24pxg-4x
ws-c3650-48td
ws-c3650-48fs
ws-c3850-48p
catalyst_c9300-48p
asr1002-hx
1100-4gltena_integrated_services_router
catalyst_c9300-24s
ws-c3650-12x48ur
catalyst_c9200-48t
catalyst_9800-80
catalyst_c9500-16x
catalyst_c9407r
1109_integrated_services_router
1160_integrated_services_router
asr1002-x-ws
ws-c3850-24xu
asr_1002
ws-c3850-12s
1111x-8p_integrated_services_router
asr_1004
ws-c3650-24ts
catalyst_9800-l-f
catalyst_c9300l-48p-4x
ws-c3650-48ps
ws-c3650-48ts
ws-c3650-8x24uq
catalyst_c9200l-48pxg-2y
ws-c3850-48t
catalyst_c9200l-24t-4g
asr1001-hx-rf
ws-c3850-12xs
ws-c3650-48tq
catalyst_c9200l-24p-4g
catalyst_c9300-24ux
ws-c3850-24p
catalyst_c9500-40x
catalyst_c9300l-24p-4g
4431_integrated_services_router
1111x_integrated_services_router
catalyst_c9300l-48t-4g
ws-c3850-48xs
ws-c3650-12x48uz
ws-c3850-24t
catalyst_c9300l-48t-4x
asr_1002-x
catalyst_c9500-32qc
asr1002-hx-ws
1100-4gltegb_integrated_services_router
111x_integrated_services_router
ws-c3650-24pd
catalyst_c9200l-48p-4x
catalyst_c9300-48t
catalyst_c9300-24p
catalyst_c9300l-24t-4x
ws-c3850-24u
catalyst_c9200l-24p-4x
catalyst_c9200l-48p-4g
ws-c3850-24xs
catalyst_9800-l
1100-lte_integrated_services_router
catalyst_c9300l-24t-4g
4221_integrated_services_router
catalyst_c9500-48y4c
asr_1006
1109-2p_integrated_services_router
catalyst_c9404r
catalyst_c9500-24y4c
asr_1001
catalyst_c9200l-24pxg-2y
ws-c3850
catalyst_c9200l-48t-4x
catalyst_c9500-24q
asr1002-x-rf
catalyst_c9200-24p
catalyst_9800-cl
asr1001-x-rf
catalyst_c9300l-24p-4x
catalyst_c9200-24t
catalyst_c9300-24u
catalyst_c9410r
1100_integrated_services_router
ios_xe
catalyst_c9300-48un
1120_integrated_services_router
catalyst_c9200l-48pxg-4x
ws-c3650-48pq
ws-c3650-48fqm
1101-4p_integrated_services_router
ws-c3850-48u
1109-4p_integrated_services_router
catalyst_c9500-32c
asr1001-x-ws
catalyst_9800-l-c
catalyst_c9200l-24t-4x
1100-4p_integrated_services_router
catalyst_9800-40
1100-8p_integrated_services_router
1100-6g_integrated_services_router
ws-c3650-48fd
1100-4g_integrated_services_router
ws-c3850-48f
catalyst_c9200-48p
1101_integrated_services_router
catalyst_c9300-24t

CWE

CWE-476

NULL Pointer Dereference

8.6 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

7.1 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2020-3407

8.6^/10

7.1^/10

Attach tags to `CVE-2020-3407`