CVE-2020-3567

MEDIUM

Cisco Industrial Network Director < 1.9.0 - Authenticated Denial of Service via REST API Request

Title source: llm

Description

A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of requests sent to the REST API. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to cause a permanent DoS condition that is due to high CPU utilization. Manual intervention may be required to recover the Cisco IND.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-dos-BwG634zn

Scores

CVSS v3 6.5

EPSS 0.0037

EPSS Percentile 58.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (3)

cisco/industrial_network_director < 1.9.0

cisco/network_level_service 1.8\(0.142\)

cisco/network_level_service 1.9\(0.63\)

Published Oct 08, 2020

Tracked Since Feb 18, 2026