Adding Cisco CVE-2020-3527

2025-08-04 08:44:25 +00:00 · 2020-09-24 17:17:39 +00:00 · 2020-09-24 17:17:39 +00:00 · 370af40ed3
commit 370af40ed3
parent 4e8fd9be7d
1 changed files with 75 additions and 7 deletions
--- a/2020/3xxx/CVE-2020-3527.json
+++ b/2020/3xxx/CVE-2020-3527.json
@ -1,18 +1,86 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "psirt@cisco.com",
+        "DATE_PUBLIC": "2020-09-24T16:00:00",
        "ID": "CVE-2020-3527",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cisco Catalyst 9200 Series Switches Jumbo Frame Denial of Service Vulnerability"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Cisco IOS XE Software ",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Cisco"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": " A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames or frames larger than the configured MTU size to the management interface of this device. A successful exploit could allow the attacker to crash the device fully before an automatic recovery. "
            }
        ]
+    },
+    "exploit": [
+        {
+            "lang": "eng",
+            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
+        }
+    ],
+    "impact": {
+        "cvss": {
+            "baseScore": "8.6",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
+            "version": "3.0"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-20"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "20200924 Cisco Catalyst 9200 Series Switches Jumbo Frame Denial of Service Vulnerability",
+                "refsource": "CISCO",
+                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-JP-DOS-g5FfGm8y"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "cisco-sa-JP-DOS-g5FfGm8y",
+        "defect": [
+            [
+                "CSCvr37065"
+            ]
+        ],
+        "discovery": "INTERNAL"
    }
-}
+}