CVE-2020-3220

MEDIUM

Cisco IOS XE - Unauthenticated Denial of Service via ESP Packet Tampering

Title source: llm

Description

A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated, remote attacker to disconnect legitimate IPsec VPN sessions to an affected device. The vulnerability is due to insufficient verification of authenticity of received Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by tampering with ESP cleartext values as a man-in-the-middle.

References (1)

Core 1

Core References

Patch, Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-vpn-dos-edOmW28Z

Scores

CVSS v3 6.8

EPSS 0.0042

EPSS Percentile 62.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-345

Status published

Products (50)

cisco/ios_xe 16.4.1

cisco/ios_xe 16.4.2

cisco/ios_xe 16.4.3

cisco/ios_xe 16.5.1

cisco/ios_xe 16.5.1a

cisco/ios_xe 16.5.1b

cisco/ios_xe 16.5.2

cisco/ios_xe 16.5.3

cisco/ios_xe 16.6.1

cisco/ios_xe 16.6.2

... and 40 more

Published Jun 03, 2020

Tracked Since Feb 18, 2026