Cisco Event Response Page

Cisco Event Response: June 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication

Doc ID:

ERP-73388

First Published:

2020 June 3 16:00 GMT

Version:

1.0

Summary

Cisco released its semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication on June 3, 2020. In direct response to customer feedback, Cisco releases bundles of Cisco IOS and IOS XE Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year.

The June 3, 2020, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes 23 Cisco Security Advisories that describe 25 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Cisco has released software updates that address these vulnerabilities.

Of these advisories, 20 have a Security Impact Rating (SIR) of High. Three have a SIR of Critical.

One vulnerability affects Cisco IOS, IOS XE, IOS XR, and NX-OS Software. Five vulnerabilities affect both Cisco IOS and IOS XE Software. Six vulnerabilities affect Cisco IOS Software and 10 affect Cisco IOS XE Software. Three vulnerabilities affect the Cisco IOx application environment.
To quickly determine whether a specific Cisco IOS or IOS XE Software release is affected by one or more vulnerabilities, customers can use the Cisco Software Checker.

Details

The following table identifies the Cisco Security Advisories that are in this bundled publication:

Cisco Security Advisory	CVE ID	Security Impact Rating	CVSS Base Score	IPS Signature
cisco-sa-cipdos-hkfTZXEx Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities	CVE-2020-3225	High	8.6	-
cisco-sa-ikev2-9p23Jj2a Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability	CVE-2020-3230	High	7.5	-
cisco-sa-ssh-dos-Un22sd2A Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability	CVE-2020-3200	High	7.7	-
cisco-sa-sip-Cv28sQw2 Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability	CVE-2020-3226	High	8.6	-
cisco-sa-snmp-dos-USxSyTk5 Cisco IOS and IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability	CVE-2020-3235	High	7.7	-
cisco-sa-ios-ir800-img-verif-wHhLYHjK Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Image Verification Bypass Vulnerability	CVE-2020-3208	High	6.7	-
cisco-sa-ios-iot-rce-xYRSeMNH Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities	CVE-2020-3198 CVE-2020-3258	Critical	9.8	-
cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability	CVE-2020-3210	High	6.7	-
cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability	CVE-2020-3205	Critical	8.8	-
cisco-sa-ios-iot-vds-cred-uPMp9zbY Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Static Credentials Vulnerability	CVE-2020-3234	High	8.8	-
cisco-sa-iosxe-ewlc-dos-TkuPVmZN Cisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability	CVE-2020-3203	High	8.6	-
cisco-sa-ngwc-cmdinj-KEwWVWR Cisco IOS XE Software Command Injection Vulnerability	CVE-2020-3207	High	6.7	-
cisco-sa-iosxe-digsig-bypass-FYQ3bmVq Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability	CVE-2020-3209	High	6.8	-
cisco-sa-iosxe-fnfv9-dos-HND6Fc9u Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability	CVE-2020-3221	High	8.6	-
cisco-sa-webui-cmdinj-zM283Zdw Cisco IOS XE Software Web UI Command Injection Vulnerability	CVE-2020-3224	High	8.8	-
cisco-sa-web-cmdinj2-fOnjk2LD Cisco IOS XE Software Web UI Command Injection Vulnerability	CVE-2020-3219	High	8.8	-
cisco-sa-web-cmdinj3-44st5CcA Cisco IOS XE Software Web UI Command Injection Vulnerability	CVE-2020-3212	High	7.2	-
cisco-sa-web-cmdinj4-S2TmH7GA Cisco IOS XE Software Web UI Command Injection Vulnerability	CVE-2020-3211	High	7.2	-
cisco-sa-webui-PZgQxjfG Cisco IOS XE Software Web UI Privilege Escalation Vulnerability	CVE-2020-3229	High	8.8	-
cisco-sa-iosxe-webui-rce-uk8BXcUD Cisco IOS XE Software Web UI Remote Code Execution Vulnerability	CVE-2020-3218	High	7.2	-
cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC Cisco IOS, IOS XE, IOS XR, and NX-OS Software One Platform Kit Remote Code Execution Vulnerability	CVE-2020-3217	High	8.8	-
cisco-sa-ios-iot-gos-vuln-s9qS8kYL Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities	CVE-2020-3199 CVE-2020-3257	High	8.1	-
cisco-sa-ioxPE-KgGvCAf9 Cisco IOx for IOS XE Software Privilege Escalation Vulnerability	CVE-2020-3227	Critical	9.8	-

Related Resources

Cisco Security Vulnerability Policy
MITRE Common Vulnerabilities and Exposures
Common Vulnerability Scoring System and the Security Impact Rating