{"containers": {"cna": {"affected": [{"product": "Cisco IOS 12.2(60)EZ16", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-06-03T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-03T17:56:13", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20200603 Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"}], "source": {"advisory": "cisco-sa-ios-iot-rce-xYRSeMNH", "defect": [["CSCvr12083", "CSCvr46885"]], "discovery": "INTERNAL"}, "title": "Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-06-03T16:00:00", "ID": "CVE-2020-3258", "STATE": "PUBLIC", "TITLE": "Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS 12.2(60)EZ16", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "impact": {"cvss": {"baseScore": "9.8", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119"}]}]}, "references": {"reference_data": [{"name": "20200603 Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"}]}, "source": {"advisory": "cisco-sa-ios-iot-rce-xYRSeMNH", "defect": [["CSCvr12083", "CSCvr46885"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:30:57.643Z"}, "title": "CVE Program Container", "references": [{"name": "20200603 Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-15T16:19:39.379267Z", "id": "CVE-2020-3258", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T17:11:02.301Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3258", "datePublished": "2020-06-03T17:56:13.400169Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-15T17:11:02.301Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH", "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:30:57.643Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-3258", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-15T16:19:39.379267Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T16:20:01.977Z"}}], "cna": {"title": "Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities", "source": {"defect": [["CSCvr12083", "CSCvr46885"]], "advisory": "cisco-sa-ios-iot-rce-xYRSeMNH", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco IOS 12.2(60)EZ16", "versions": [{"status": "affected", "version": "n/a"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "datePublic": "2020-06-03T00:00:00", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH", "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities", "tags": ["vendor-advisory", "x_refsource_CISCO"]}], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2020-06-03T17:56:13"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "9.8", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}, "source": {"defect": [["CSCvr12083", "CSCvr46885"]], "advisory": "cisco-sa-ios-iot-rce-xYRSeMNH", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "Cisco IOS 12.2(60)EZ16"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH", "name": "20200603 Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities", "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-3258", "STATE": "PUBLIC", "TITLE": "Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-06-03T16:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2020-3258", "state": "PUBLISHED", "dateUpdated": "2024-11-15T17:11:02.301Z", "dateReserved": "2019-12-12T00:00:00", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2020-06-03T17:56:13.400169Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2:*:*:*:*:*:*:*", "matchCriteriaId": "198FF520-7631-49D9-B8A8-2E64F6237CC0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.8\\(9\\):*:*:*:*:*:*:*", "matchCriteriaId": "5FCAB89A-EF98-47B7-AE7A-236F739244FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:15.9:*:*:*:*:*:*:*", "matchCriteriaId": "AFA9B42B-5D01-40F8-9981-7E094534F3C6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:1120:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2D64BDE-0D00-4FBE-873B-F5D52AD0C5A2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:1240:-:*:*:*:*:*:*:*", "matchCriteriaId": "0502FCFE-B123-422C-AC43-05260B4E952C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ir809g-lte-ga-k9:-:*:*:*:*:*:*:*", "matchCriteriaId": "47B4B073-21C9-43EC-9F3E-6B9E14302D49", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ir809g-lte-la-k9:-:*:*:*:*:*:*:*", "matchCriteriaId": "661C304A-BE1A-4A5A-8B35-B18725082AB2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ir809g-lte-na-k9:-:*:*:*:*:*:*:*", "matchCriteriaId": "1189BB4A-AE5E-450E-AC4C-B5A03172799F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ir809g-lte-vz-k9:-:*:*:*:*:*:*:*", "matchCriteriaId": "168FA298-68C0-4BB1-A94A-21E3615FBA6C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ir829-2lte-ea-ak9:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB62C534-29F8-48CA-9D45-42C49CE68577", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ir829-2lte-ea-bk9:-:*:*:*:*:*:*:*", "matchCriteriaId": "B670C5A3-4E19-428F-87D0-C2B12EE2CB92", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ir829-2lte-ea-ek9:-:*:*:*:*:*:*:*", "matchCriteriaId": "6BF5C3D3-833D-405B-8E1E-ED3BC29CD5E0", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ir829gw-lte-ga-ck9:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8D39174-298E-4C06-A289-B0C4585B2E99", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ir829gw-lte-ga-ek9:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB259DDC-AB98-405E-A369-49A3B89F48F5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ir829gw-lte-ga-sk9:-:*:*:*:*:*:*:*", "matchCriteriaId": "99B57D05-6702-4026-9E36-0CBEC6BE8001", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ir829gw-lte-ga-zk9:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC62F7A8-9D57-4703-A7DF-451C2CA75919", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ir829gw-lte-na-ak9:-:*:*:*:*:*:*:*", "matchCriteriaId": "78F497A3-8153-4524-9E8D-2CFDCF2ADCDE", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ir829gw-lte-vz-ak9:-:*:*:*:*:*:*:*", "matchCriteriaId": "61BD4298-A8D5-4D7C-A9D9-694606042C12", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades en Cisco IOS Software para Cisco 809 y 829 Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000), podr\u00edan permitir a un atacante remoto no autenticado o un atacante local autenticado ejecutar c\u00f3digo arbitrario sobre un sistema afectado o causar que un sistema afectado se bloquee y vuelva a cargar. Para mayor informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso."}], "id": "CVE-2020-3258", "lastModified": "2021-10-26T16:30:20.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-03T18:15:21.997", "references": [{"source": "ykramarz@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}