A vulnerability has been found in Cisco IOS XE (Router Operating System) (version now known) and classified as critical. This vulnerability affects some unknown processing of the component mDNS. The manipulation with an unknown input leads to a input validation vulnerability. The CWE definition for the vulnerability is CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. As an impact it is known to affect availability. CVE summarizes:

A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device. A successful exploit could cause a device to reload, resulting in a DoS condition.

The weakness was published 09/24/2020 as cisco-sa-mdns-dos-3tH6cA9J as confirmed advisory (Website). The advisory is shared for download at tools.cisco.com. This vulnerability was named CVE-2020-3359 since 12/12/2019. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 09/25/2020).

Upgrading eliminates this vulnerability.

Similar entries are available at 161864, 161863, 161862 and 161861.

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• IOS XE

License

• commercial

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion