CVE-2020-3510: Cisco IOS XE Software for Catalyst 9200 Series Switches Umbrella Connector Denial of Service Vulnerability
First published: Thu Sep 24 2020(Updated: )
A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to insufficient error handling when parsing DNS requests. An attacker could exploit this vulnerability by sending a series of malicious DNS requests to an Umbrella Connector client interface of an affected device. A successful exploit could allow the attacker to cause a crash of the iosd process, which triggers a reload of the affected device.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE | =16.12.1 | |
| Cisco IOS XE | =16.12.2 | |
| Cisco IOS XE | =17.1.1 | |
| Cisco Catalyst C9200-24p | ||
| Cisco Catalyst C9200-24t | ||
| Cisco Catalyst C9200-48p | ||
| Cisco Catalyst C9200-48t | ||
| Cisco Catalyst C9200l-24p-4g | ||
| Cisco Catalyst C9200l-24p-4x | ||
| Cisco Catalyst C9200l-24pxg-2y | ||
| Cisco Catalyst C9200l-24pxg-4x | ||
| Cisco Catalyst C9200l-24t-4g | ||
| Cisco Catalyst C9200l-24t-4x | ||
| Cisco Catalyst C9200l-48p-4g | ||
| Cisco Catalyst C9200l-48p-4x | ||
| Cisco Catalyst C9200l-48pxg-2y | ||
| Cisco Catalyst C9200l-48pxg-4x | ||
| Cisco Catalyst C9200l-48t-4g | ||
| Cisco Catalyst C9200l-48t-4x | ||
| Cisco Catalyst C9300-24p | ||
| Cisco Catalyst C9300-24s | ||
| Cisco Catalyst C9300-24t | ||
| Cisco Catalyst C9300-24u | ||
| Cisco Catalyst C9300-24ux | ||
| Cisco Catalyst C9300-48p | ||
| Cisco Catalyst C9300-48s | ||
| Cisco Catalyst C9300-48t | ||
| Cisco Catalyst C9300-48u | ||
| Cisco Catalyst C9300-48un | ||
| Cisco Catalyst C9300-48uxm | ||
| Cisco Catalyst C9300l-24p-4g | ||
| Cisco Catalyst C9300l-24p-4x | ||
| Cisco Catalyst C9300l-24t-4g | ||
| Cisco Catalyst C9300l-24t-4x | ||
| Cisco Catalyst C9300l-48p-4g | ||
| Cisco Catalyst C9300l-48p-4x | ||
| Cisco Catalyst C9300l-48t-4g | ||
| Cisco Catalyst C9300l-48t-4x | ||
| Cisco Catalyst C9404r | ||
| Cisco Catalyst C9407r | ||
| Cisco Catalyst C9410r | ||
| Cisco Catalyst C9500-12q | ||
| Cisco Catalyst C9500-16x | ||
| Cisco Catalyst C9500-24q | ||
| Cisco Catalyst C9500-24y4c | ||
| Cisco Catalyst C9500-32c | ||
| Cisco Catalyst C9500-32qc | ||
| Cisco Catalyst C9500-40x | ||
| Cisco Catalyst C9500-48y4c | ||
| Cisco Catalyst C9600-lc-24c | ||
| Cisco Catalyst C9600-lc-48s | ||
| Cisco Catalyst C9600-lc-48tx | ||
| Cisco Catalyst C9600-lc-48yl |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3510?
CVE-2020-3510 is a vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches that could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device.
What is the severity of CVE-2020-3510?
The severity of CVE-2020-3510 is rated as high with a CVSS score of 8.6.
What software versions are affected by CVE-2020-3510?
The affected software versions are Cisco IOS XE 16.12.1, 16.12.2, and 17.1.1.
How can an attacker exploit CVE-2020-3510?
An attacker can exploit CVE-2020-3510 by sending specially crafted network traffic to the vulnerable device.
Is there a fix for CVE-2020-3510?
Yes, Cisco has released software updates to address the vulnerability. Please refer to the Cisco security advisory for more information.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/title
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/cisco
- canonical/cisco ios xe
- version/cisco ios xe/16.12.1
- version/cisco ios xe/16.12.2
- version/cisco ios xe/17.1.1
- canonical/cisco catalyst c9200-24p
- canonical/cisco catalyst c9200-24t
- canonical/cisco catalyst c9200-48p
- canonical/cisco catalyst c9200-48t
- canonical/cisco catalyst c9200l-24p-4g
- canonical/cisco catalyst c9200l-24p-4x
- canonical/cisco catalyst c9200l-24pxg-2y
- canonical/cisco catalyst c9200l-24pxg-4x
- canonical/cisco catalyst c9200l-24t-4g
- canonical/cisco catalyst c9200l-24t-4x
- canonical/cisco catalyst c9200l-48p-4g
- canonical/cisco catalyst c9200l-48p-4x
- canonical/cisco catalyst c9200l-48pxg-2y
- canonical/cisco catalyst c9200l-48pxg-4x
- canonical/cisco catalyst c9200l-48t-4g
- canonical/cisco catalyst c9200l-48t-4x
- canonical/cisco catalyst c9300-24p
- canonical/cisco catalyst c9300-24s
- canonical/cisco catalyst c9300-24t
- canonical/cisco catalyst c9300-24u
- canonical/cisco catalyst c9300-24ux
- canonical/cisco catalyst c9300-48p
- canonical/cisco catalyst c9300-48s
- canonical/cisco catalyst c9300-48t
- canonical/cisco catalyst c9300-48u
- canonical/cisco catalyst c9300-48un
- canonical/cisco catalyst c9300-48uxm
- canonical/cisco catalyst c9300l-24p-4g
- canonical/cisco catalyst c9300l-24p-4x
- canonical/cisco catalyst c9300l-24t-4g
- canonical/cisco catalyst c9300l-24t-4x
- canonical/cisco catalyst c9300l-48p-4g
- canonical/cisco catalyst c9300l-48p-4x
- canonical/cisco catalyst c9300l-48t-4g
- canonical/cisco catalyst c9300l-48t-4x
- canonical/cisco catalyst c9404r
- canonical/cisco catalyst c9407r
- canonical/cisco catalyst c9410r
- canonical/cisco catalyst c9500-12q
- canonical/cisco catalyst c9500-16x
- canonical/cisco catalyst c9500-24q
- canonical/cisco catalyst c9500-24y4c
- canonical/cisco catalyst c9500-32c
- canonical/cisco catalyst c9500-32qc
- canonical/cisco catalyst c9500-40x
- canonical/cisco catalyst c9500-48y4c
- canonical/cisco catalyst c9600-lc-24c
- canonical/cisco catalyst c9600-lc-48s
- canonical/cisco catalyst c9600-lc-48tx
- canonical/cisco catalyst c9600-lc-48yl