What is CVE-2020-3205 vulnerability about?

The vulnerability in the inter-VM channel of Cisco IOS Software for Industrial ISRs and Connected Grid Routers could allow arbitrary command execution by an unauthenticated adjacent attacker.

What is the severity of CVE-2020-3205?

The severity of CVE-2020-3205 is rated as high with a CVSS score of 8.8.

How can I fix CVE-2020-3205?

To mitigate this vulnerability, Cisco has provided security updates and it is recommended to apply the patches provided by Cisco.

Vulnerability/
CVE-2020-3205

high

8.8

CWE

78 20

3/6/2020

15/11/2024

CVE-2020-3205: Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability

First published: Wed Jun 03 2020(Updated: )

A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco IOS	=12.2\(60\)ez16
Cisco IOS	=15.0\(2\)sg11a
Cisco IOS	=15.2\(4\)jaz1
Cisco IOS	=15.3\(3\)jaa1
Cisco IOS	=15.3\(3\)jpi
Cisco IOS	=15.3\(3\)jpj
Cisco IOS	=15.4\(1\)cg
Cisco IOS	=15.4\(2\)cg
Cisco IOS	=15.4\(3\)m
Cisco IOS	=15.4\(3\)m1
Cisco IOS	=15.4\(3\)m2
Cisco IOS	=15.4\(3\)m3
Cisco IOS	=15.4\(3\)m4
Cisco IOS	=15.4\(3\)m5
Cisco IOS	=15.4\(3\)m6
Cisco IOS	=15.4\(3\)m6a
Cisco IOS	=15.4\(3\)m7
Cisco IOS	=15.4\(3\)m8
Cisco IOS	=15.4\(3\)m9
Cisco IOS	=15.4\(3\)m10
Cisco IOS	=15.5\(1\)t
Cisco IOS	=15.5\(1\)t2
Cisco IOS	=15.5\(1\)t3
Cisco IOS	=15.5\(1\)t4
Cisco IOS	=15.5\(2\)t
Cisco IOS	=15.5\(2\)t1
Cisco IOS	=15.5\(2\)t2
Cisco IOS	=15.5\(2\)t3
Cisco IOS	=15.5\(2\)t4
Cisco IOS	=15.5\(3\)m
Cisco IOS	=15.5\(3\)m0a
Cisco IOS	=15.5\(3\)m1
Cisco IOS	=15.5\(3\)m2
Cisco IOS	=15.5\(3\)m2a
Cisco IOS	=15.5\(3\)m3
Cisco IOS	=15.5\(3\)m4
Cisco IOS	=15.5\(3\)m4a
Cisco IOS	=15.5\(3\)m5
Cisco IOS	=15.5\(3\)m6
Cisco IOS	=15.5\(3\)m6a
Cisco IOS	=15.5\(3\)m7
Cisco IOS	=15.5\(3\)m8
Cisco IOS	=15.5\(3\)m9
Cisco IOS	=15.5\(3\)m10
Cisco IOS	=15.5\(3\)m11
Cisco IOS	=15.6\(1\)t
Cisco IOS	=15.6\(1\)t0a
Cisco IOS	=15.6\(1\)t1
Cisco IOS	=15.6\(1\)t2
Cisco IOS	=15.6\(1\)t3
Cisco IOS	=15.6\(2\)t
Cisco IOS	=15.6\(2\)t1
Cisco IOS	=15.6\(2\)t2
Cisco IOS	=15.6\(2\)t3
Cisco IOS	=15.6\(3\)m
Cisco IOS	=15.6\(3\)m0a
Cisco IOS	=15.6\(3\)m1
Cisco IOS	=15.6\(3\)m1b
Cisco IOS	=15.6\(3\)m2
Cisco IOS	=15.6\(3\)m3
Cisco IOS	=15.6\(3\)m3a
Cisco IOS	=15.6\(3\)m4
Cisco IOS	=15.6\(3\)m5
Cisco IOS	=15.6\(3\)m6
Cisco IOS	=15.6\(3\)m6a
Cisco IOS	=15.6\(3\)m6b
Cisco IOS	=15.6\(3\)m7
Cisco IOS	=15.6\(3\)m8
Cisco IOS	=15.6\(3\)m9
Cisco IOS	=15.7\(3\)m
Cisco IOS	=15.7\(3\)m1
Cisco IOS	=15.7\(3\)m2
Cisco IOS	=15.7\(3\)m3
Cisco IOS	=15.7\(3\)m4
Cisco IOS	=15.7\(3\)m4a
Cisco IOS	=15.7\(3\)m4b
Cisco IOS	=15.7\(3\)m5
Cisco IOS	=15.7\(3\)m6
Cisco IOS	=15.7\(3\)m7
Cisco IOS	=15.8\(3\)m
Cisco IOS	=15.8\(3\)m0a
Cisco IOS	=15.8\(3\)m1
Cisco IOS	=15.8\(3\)m2
Cisco IOS	=15.8\(3\)m2a
Cisco IOS	=15.8\(3\)m3
Cisco IOS	=15.8\(3\)m3a
Cisco IOS	=15.8\(3\)m3b
Cisco IOS	=15.8\(3\)m4
Cisco IOS	=15.8\(3\)m5
Cisco IOS	=15.9\(3\)m
Cisco IOS	=15.9\(3\)m0a
Cisco 1120
Cisco 1240
Cisco 809
Cisco 829

Remedy

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt

Frequently Asked Questions

What is CVE-2020-3205 vulnerability about?
The vulnerability in the inter-VM channel of Cisco IOS Software for Industrial ISRs and Connected Grid Routers could allow arbitrary command execution by an unauthenticated adjacent attacker.
What is the severity of CVE-2020-3205?
The severity of CVE-2020-3205 is rated as high with a CVSS score of 8.8.
How can I fix CVE-2020-3205?
To mitigate this vulnerability, Cisco has provided security updates and it is recommended to apply the patches provided by Cisco.

collector/nvd-index
agent/weakness
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/severity
agent/remedy
agent/title
agent/author
agent/softwarecombine
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/cisco
canonical/cisco ios
version/cisco ios/12.2\(60\)ez16
version/cisco ios/15.0\(2\)sg11a
version/cisco ios/15.2\(4\)jaz1
version/cisco ios/15.3\(3\)jaa1
version/cisco ios/15.3\(3\)jpi
version/cisco ios/15.3\(3\)jpj
version/cisco ios/15.4\(1\)cg
version/cisco ios/15.4\(2\)cg
version/cisco ios/15.4\(3\)m
version/cisco ios/15.4\(3\)m1
version/cisco ios/15.4\(3\)m2
version/cisco ios/15.4\(3\)m3
version/cisco ios/15.4\(3\)m4
version/cisco ios/15.4\(3\)m5
version/cisco ios/15.4\(3\)m6
version/cisco ios/15.4\(3\)m6a
version/cisco ios/15.4\(3\)m7
version/cisco ios/15.4\(3\)m8
version/cisco ios/15.4\(3\)m9
version/cisco ios/15.4\(3\)m10
version/cisco ios/15.5\(1\)t
version/cisco ios/15.5\(1\)t2
version/cisco ios/15.5\(1\)t3
version/cisco ios/15.5\(1\)t4
version/cisco ios/15.5\(2\)t
version/cisco ios/15.5\(2\)t1
version/cisco ios/15.5\(2\)t2
version/cisco ios/15.5\(2\)t3
version/cisco ios/15.5\(2\)t4
version/cisco ios/15.5\(3\)m
version/cisco ios/15.5\(3\)m0a
version/cisco ios/15.5\(3\)m1
version/cisco ios/15.5\(3\)m2
version/cisco ios/15.5\(3\)m2a
version/cisco ios/15.5\(3\)m3
version/cisco ios/15.5\(3\)m4
version/cisco ios/15.5\(3\)m4a
version/cisco ios/15.5\(3\)m5
version/cisco ios/15.5\(3\)m6
version/cisco ios/15.5\(3\)m6a
version/cisco ios/15.5\(3\)m7
version/cisco ios/15.5\(3\)m8
version/cisco ios/15.5\(3\)m9
version/cisco ios/15.5\(3\)m10
version/cisco ios/15.5\(3\)m11
version/cisco ios/15.6\(1\)t
version/cisco ios/15.6\(1\)t0a
version/cisco ios/15.6\(1\)t1
version/cisco ios/15.6\(1\)t2
version/cisco ios/15.6\(1\)t3
version/cisco ios/15.6\(2\)t
version/cisco ios/15.6\(2\)t1
version/cisco ios/15.6\(2\)t2
version/cisco ios/15.6\(2\)t3
version/cisco ios/15.6\(3\)m
version/cisco ios/15.6\(3\)m0a
version/cisco ios/15.6\(3\)m1
version/cisco ios/15.6\(3\)m1b
version/cisco ios/15.6\(3\)m2
version/cisco ios/15.6\(3\)m3
version/cisco ios/15.6\(3\)m3a
version/cisco ios/15.6\(3\)m4
version/cisco ios/15.6\(3\)m5
version/cisco ios/15.6\(3\)m6
version/cisco ios/15.6\(3\)m6a
version/cisco ios/15.6\(3\)m6b
version/cisco ios/15.6\(3\)m7
version/cisco ios/15.6\(3\)m8
version/cisco ios/15.6\(3\)m9
version/cisco ios/15.7\(3\)m
version/cisco ios/15.7\(3\)m1
version/cisco ios/15.7\(3\)m2
version/cisco ios/15.7\(3\)m3
version/cisco ios/15.7\(3\)m4
version/cisco ios/15.7\(3\)m4a
version/cisco ios/15.7\(3\)m4b
version/cisco ios/15.7\(3\)m5
version/cisco ios/15.7\(3\)m6
version/cisco ios/15.7\(3\)m7
version/cisco ios/15.8\(3\)m
version/cisco ios/15.8\(3\)m0a
version/cisco ios/15.8\(3\)m1
version/cisco ios/15.8\(3\)m2
version/cisco ios/15.8\(3\)m2a
version/cisco ios/15.8\(3\)m3
version/cisco ios/15.8\(3\)m3a
version/cisco ios/15.8\(3\)m3b
version/cisco ios/15.8\(3\)m4
version/cisco ios/15.8\(3\)m5
version/cisco ios/15.9\(3\)m
version/cisco ios/15.9\(3\)m0a
canonical/cisco 1120
canonical/cisco 1240
canonical/cisco 809
canonical/cisco 829