Published: 24/09/2020 Updated: 08/10/2020

CVSS v2 Base Score: 5.7 | Impact Score: 6.9 | Exploitability Score: 5.5

CVSS v3 Base Score: 7.4 | Impact Score: 4 | Exploitability Score: 2.8

VMScore: 507

Vector: AV:A/AC:M/Au:N/C:N/I:N/A:C

A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent malicious user to cause a crash on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of LLDP messages in the PROFINET LLDP message handler. An attacker could exploit this vulnerability by sending a malicious LLDP message to an affected device. A successful exploit could allow the malicious user to cause the affected device to reload.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco ios_xe 15.2\\(7\\)e

A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition The vulnerability is due to insufficient validation of LLDP messages in ...

CWE-400 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-profinet-dos-65qYG3W5 https://nvd.nist.gov https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-profinet-dos-65qYG3W5

CVE-2020-3512

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect