CVE-2020-3511: Cisco IOS and IOS XE Software ISDN Q.931 Denial of Service Vulnerability
First published: Thu Sep 24 2020(Updated: )
A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the ISDN Q.931 messages are processed. An attacker could exploit this vulnerability by sending a malicious ISDN Q.931 message to an affected device. A successful exploit could allow the attacker to cause the process to crash, resulting in a reload of the affected device.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE | =15.1\(4\)m | |
| Cisco 1100-4g Integrated Services Router | ||
| Cisco 1100-4gltegb Integrated Services Router | ||
| Cisco 1100-4gltena Integrated Services Router | ||
| Cisco 1100-4p Integrated Services Router | ||
| Cisco 1100-6g Integrated Services Router | ||
| Cisco 1100-8p Integrated Services Router | ||
| Cisco 1100-lte Integrated Services Router | ||
| Cisco 1100 Series Integrated Services Router | ||
| Cisco 1101-4p Integrated Services Router | ||
| Cisco 1101 Integrated Services Router | ||
| Cisco 1109-2p | ||
| Cisco 1109-4p Integrated Services Router | ||
| Cisco 1109 Integrated Services Router | ||
| Cisco 1111x-8p Integrated Services Router | ||
| Cisco 1111x Integrated Services Router | ||
| Cisco 111x Integrated Services Router | ||
| Cisco 1120 Integrated Services Router | ||
| Cisco 1160 Integrated Services Router | ||
| Cisco 422 Integrated Services Router | ||
| Cisco 4321\/k9-rf Integrated Services Router | ||
| Cisco 4321\/k9-ws Integrated Services Router | ||
| Cisco 4321\/k9 Integrated Services Router | ||
| Cisco 4331\/k9-rf Integrated Services Router | ||
| Cisco 4331\/k9-ws Integrated Services Router | ||
| Cisco 4331 Integrated Services Router | ||
| Cisco 4351\/k9-rf Integrated Services Router | ||
| Cisco 4351\/k9-ws Integrated Services Router | ||
| Cisco 4351\/k9 Integrated Services Router | ||
| Cisco 4431 Integrated Services Router | ||
| Cisco 4441 Integrated Services Router | ||
| Cisco ASR 1000 series software | ||
| Cisco ASR 1001 | ||
| Cisco ASR 1001-X | ||
| Cisco ASR 1002 Fixed Router | ||
| Cisco ASR 1002-X | ||
| Cisco ASR 1004 | ||
| Cisco ASR 1006 | ||
| Cisco ASR 1013 | ||
| Cisco ASR 1001-HX | ||
| Cisco ASR 1001-HX-RF | ||
| Cisco ASR 1001-X | ||
| Cisco ASR 1001-X | ||
| Cisco ASR 1001-X | ||
| Cisco ASR 1002-HX | ||
| Cisco ASR 1002-HX | ||
| Cisco ASR 1002-HX | ||
| Cisco ASR 1002-X | ||
| Cisco ASR 1002-X | ||
| Cisco ASR 1002-X | ||
| Cisco Cloud Services Router 1000V |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3511?
CVE-2020-3511 is a vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated attacker to cause a denial of service (DoS) condition.
How does CVE-2020-3511 affect Cisco devices?
CVE-2020-3511 affects Cisco devices running IOS Software and IOS XE Software with the ISDN subsystem enabled.
What is the severity of CVE-2020-3511?
The severity of CVE-2020-3511 is high, with a CVSS score of 7.4.
How can an attacker exploit CVE-2020-3511?
An attacker can exploit CVE-2020-3511 by sending malicious ISDN Q.931 packets to an affected device.
How can CVE-2020-3511 be mitigated?
To mitigate CVE-2020-3511, it is recommended to apply the necessary updates or patches provided by Cisco.
- agent/type
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ios xe
- version/cisco ios xe/15.1\(4\)m
- canonical/cisco 1100-4g integrated services router
- canonical/cisco 1100-4gltegb integrated services router
- canonical/cisco 1100-4gltena integrated services router
- canonical/cisco 1100-4p integrated services router
- canonical/cisco 1100-6g integrated services router
- canonical/cisco 1100-8p integrated services router
- canonical/cisco 1100-lte integrated services router
- canonical/cisco 1100 series integrated services router
- canonical/cisco 1101-4p integrated services router
- canonical/cisco 1101 integrated services router
- canonical/cisco 1109-2p
- canonical/cisco 1109-4p integrated services router
- canonical/cisco 1109 integrated services router
- canonical/cisco 1111x-8p integrated services router
- canonical/cisco 1111x integrated services router
- canonical/cisco 111x integrated services router
- canonical/cisco 1120 integrated services router
- canonical/cisco 1160 integrated services router
- canonical/cisco 422 integrated services router
- canonical/cisco 4321\/k9-rf integrated services router
- canonical/cisco 4321\/k9-ws integrated services router
- canonical/cisco 4321\/k9 integrated services router
- canonical/cisco 4331\/k9-rf integrated services router
- canonical/cisco 4331\/k9-ws integrated services router
- canonical/cisco 4331 integrated services router
- canonical/cisco 4351\/k9-rf integrated services router
- canonical/cisco 4351\/k9-ws integrated services router
- canonical/cisco 4351\/k9 integrated services router
- canonical/cisco 4431 integrated services router
- canonical/cisco 4441 integrated services router
- canonical/cisco asr 1000 series software
- canonical/cisco asr 1001
- canonical/cisco asr 1001-x
- canonical/cisco asr 1002 fixed router
- canonical/cisco asr 1002-x
- canonical/cisco asr 1004
- canonical/cisco asr 1006
- canonical/cisco asr 1013
- canonical/cisco asr 1001-hx
- canonical/cisco asr 1001-hx-rf
- canonical/cisco asr 1002-hx
- canonical/cisco cloud services router 1000v