Detections
Analytics

Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Multiple Vulnerabilities (cisco-sa-ios-iot-gos-vuln-s9qS8kYL)

high Nessus Plugin ID 139037

Language:

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco IOS Software is affected by multiple vulnerabilities in the IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000). Attackers can exploit these in order to cause a DoS condition or execute arbitrary code with elevated privileges on an affected device, as follows:

 - A local, low privileged attacker can execute arbitrary code in an affected system with high privileges due to incorrect bounds checking of certain type, length, value (TLV) fields of signaling packets that are exchanged between Cisco IOS Software and a Guest OS. This can be exploited by authenticating to the device by using low-privileged user credentials and then sending crafted packets, which when processed can create an exploitable buffer overflow condition. (CVE-2020-3257)

 - An authenticated, adjacent attacker can cause a DoS condition due to a vulnerability in the ingress packet processing functionality of Cisco IOS Software due to insufficient isolation of an internal, emulated Ethernet interface. This can be exploited by sending malicious IP packets. (CVE-2020-3199)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvr15042 and CSCvq68872

See Also

http://www.nessus.org/u?575acf13

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq68872

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr15042

Plugin Details

Severity: High

ID: 139037

File Name: cisco-sa-ios-iot-gos-vuln-s9qS8kYL.nasl

Version: 1.12

Type: combined

Family: CISCO

Published: 7/28/2020

Updated: 6/3/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-3199

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version, Host/Cisco/IOS/Model

Exploit Ease: No known exploits are available

Patch Publication Date: 6/3/2020

Vulnerability Publication Date: 6/3/2020

Reference Information

CVE: CVE-2020-3199, CVE-2020-3257

CISCO-SA: cisco-sa-ios-iot-gos-vuln-s9qS8kYL

IAVA: 2020-A-0239-S

CISCO-BUG-ID: CSCvq68872, CSCvr15042