CVE-2020-3510
HIGHCisco IOS XE Umbrella Connector - Unauthenticated Denial of Service via Malicious DNS Request Parsing
Title source: llmDescription
A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to insufficient error handling when parsing DNS requests. An attacker could exploit this vulnerability by sending a series of malicious DNS requests to an Umbrella Connector client interface of an affected device. A successful exploit could allow the attacker to cause a crash of the iosd process, which triggers a reload of the affected device.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-umbrella-dos-t2QMUX37
Scores
CVSS v3
8.6
EPSS
0.0075
EPSS Percentile
73.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-388
CWE-400
Status
published
Products (3)
cisco/ios_xe
16.12.1
cisco/ios_xe
16.12.2
cisco/ios_xe
17.1.1
Published
Sep 24, 2020
Tracked Since
Feb 18, 2026