Cisco Security Advisories Published on September 24, 2020

Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-September-24. The following PSIRT security advisories (29 High) were published at 16:00 UTC today.

1) Cisco IOS XE Software Common Open Policy Service Engine Denial of Service Vulnerability CVE-2020-3526 SIR: High CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-COPS-VLD-MpbTvGEW

+——————————————————————–

2) Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability CVE-2020-3552 SIR: High CVSS Score v(3.0): 7.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY

+——————————————————————–

3) Cisco IOS XE ROM Monitor Software Vulnerability CVE-2020-3524 SIR: High CVSS Score v(3.0): 6.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rommon-secboot-7JgVLVYC

+——————————————————————–

4) Cisco IOS XE Software Ethernet Frame Denial of Service Vulnerability CVE-2020-3465 SIR: High CVSS Score v(3.1): 7.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-le-drTOB625

+——————————————————————–

5) Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities CVE-2020-3416, CVE-2020-3513 SIR: High CVSS Score v(3.1): 6.7

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c

+——————————————————————–

6) Cisco IOS XE Software for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor IP ARP Denial of Service Vulnerability CVE-2020-3508 SIR: High CVSS Score v(3.1): 7.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esp20-arp-dos-GvHVggqJ

+——————————————————————–

7) Cisco IOS and IOS XE Software ISDN Q.931 Denial of Service Vulnerability CVE-2020-3511 SIR: High CVSS Score v(3.0): 7.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-isdn-q931-dos-67eUZBTf

+——————————————————————–

8) Cisco IOS and IOS XE Software PROFINET Link Layer Discovery Protocol Denial of Service Vulnerability CVE-2020-3512 SIR: High CVSS Score v(3.0): 7.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-profinet-dos-65qYG3W5

+——————————————————————–

9) Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers DHCP Denial of Service Vulnerability CVE-2020-3509 SIR: High CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcp-dos-JSCKX43h

+——————————————————————–

10) Cisco IOS XE Software for Catalyst 9200 Series Switches Umbrella Connector Denial of Service Vulnerability CVE-2020-3510 SIR: High CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-umbrella-dos-t2QMUX37

+——————————————————————–

11) Cisco Catalyst 9200 Series Switches Jumbo Frame Denial of Service Vulnerability CVE-2020-3527 SIR: High CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-JP-DOS-g5FfGm8y

+——————————————————————–

12) Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WPA Denial of Service Vulnerability CVE-2020-3429 SIR: High CVSS Score v(3.0): 7.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wpa-dos-cXshjerc

+——————————————————————–

13) Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WLAN Local Profiling Denial of Service Vulnerability CVE-2020-3428 SIR: High CVSS Score v(3.0): 7.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dclass-dos-VKh9D8k3

+——————————————————————–

14) Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Multicast DNS Denial of Service Vulnerability CVE-2020-3359 SIR: High CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mdns-dos-3tH6cA9J

+——————————————————————–

15) Cisco IOS XE Software for Catalyst 9800 Series and Cisco AireOS Software for Cisco WLC Flexible NetFlow Version 9 Denial of Service Vulnerability CVE-2020-3492 SIR: High CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-wlc-fnfv9-EvrAQpNX

+——————————————————————–

16) Cisco IOS XE Software Privilege Escalation Vulnerabilities CVE-2020-3141, CVE-2020-3425 SIR: High CVSS Score v(3.1): 8.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM

+——————————————————————–

17) Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability CVE-2020-3426 SIR: High CVSS Score v(3.1): 7.5

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lpwa-access-cXsD7PRA

+——————————————————————–

18) Cisco IOS XE Software IP Service Level Agreements Denial of Service Vulnerability CVE-2020-3422 SIR: High CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-jw2DJmSv

+——————————————————————–

19) Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities CVE-2020-3421, CVE-2020-3480 SIR: High CVSS Score v(3.1): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-94ckG4G

+——————————————————————–

20) Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities CVE-2020-3486, CVE-2020-3487, CVE-2020-3488, CVE-2020-3489, CVE-2020-3493, CVE-2020-3494, CVE-2020-3497 SIR: High CVSS Score v(3.0): 7.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq

+——————————————————————–

21) Cisco IOS XE Software Arbitrary Code Execution Vulnerability CVE-2020-3417 SIR: High CVSS Score v(3.1): 6.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xbace-OnCEbyS

+——————————————————————–

22) Cisco IOS XE Software for Cisco 4461 Integrated Services Routers Denial of Service Vulnerability CVE-2020-3414 SIR: High CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISR4461-gKKUROhx

+——————————————————————–

23) Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability CVE-2020-3409 SIR: High CVSS Score v(3.0): 7.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-profinet-J9QMCHPB

+——————————————————————–

24) Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability CVE-2020-3408 SIR: High CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-splitdns-SPWqpdGW

+——————————————————————–

25) Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability CVE-2020-3407 SIR: High CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO

+——————————————————————–

26) Cisco IOS XE Software Web UI Authorization Bypass Vulnerability CVE-2020-3400 SIR: High CVSS Score v(3.0): 8.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-auth-bypass-6j2BYUc7

+——————————————————————–

27) Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability CVE-2020-3399 SIR: High CVSS Score v(3.1): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-ShFzXf

+——————————————————————–

28) Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability CVE-2020-3390 SIR: High CVSS Score v(3.0): 7.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K

+——————————————————————–

29) Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability CVE-2020-3560 SIR: High CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-VHr2zG9y
