CVE-2020-3479 — Vulnetix

CVE-2020-3479 PUBLISHED CVSS 6.099999904632568 MEDIUM

A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of Border Gateway Protocol (BGP) update messages that contain crafted EVPN attributes. An attacker could exploit this vulnerability by sending BGP update messages with specific, malformed attributes to an affected device. A successful exploit could allow the attacker to cause an affected device to crash, resulting in a DoS condition.

EPSS 0.39% · 60.4th percentile

Risk Scores

CVSS 3.1

6.099999904632568

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H

EPSS Score

0.39%

60.4th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco IOS 15.2(5)E1	n/a
cisco	ios_xe
cisco	ios

Exploit Intelligence

20200924 Cisco IOS and IOS XE Software MP-BGP EVPN Denial of Service Vulnerability (circl)

Timeline

Sep 24, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 4, 2022 EPSS Score

References

20200924 Cisco IOS and IOS XE Software MP-BGP EVPN Denial of Service Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2020-3479 advisory

Open in Interactive Console →