First published: Thu Sep 24 2020(Updated: )
A vulnerability in the Common Open Policy Service (COPS) engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a malformed COPS message to the device. A successful exploit could allow the attacker to crash the device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS XE | =17.2 | |
Cisco cBR-8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-3526 is a vulnerability in the Common Open Policy Service (COPS) engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers.
The severity of CVE-2020-3526 is high with a CVSS score of 8.6.
An attacker could exploit CVE-2020-3526 by sending malicious requests to the Common Open Policy Service (COPS) engine, causing a device crash.
Cisco IOS XE Software version 17.2 on Cisco cBR-8 Converged Broadband Routers is affected by CVE-2020-3526.
No, Cisco cBR-8 is not vulnerable to CVE-2020-3526.