Cisco Event Response Page

Cisco Event Response: September 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication

Doc ID:

ERP-74268

First Published:

2020 September 24 15:55 GMT

Version:

1.0

Summary

Cisco released its semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication on September 24, 2020. In direct response to customer feedback, Cisco releases bundles of Cisco IOS and IOS XE Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year.

The September 24, 2020, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes 25 Cisco Security Advisories that describe 34 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Cisco has released software updates that address these vulnerabilities.

Of these advisories, 25 have a Security Impact Rating (SIR) of High.

To quickly determine whether a specific Cisco IOS or IOS XE Software release is affected by one or more vulnerabilities, customers can use the Cisco Software Checker.

Details

The following table identifies Cisco Security content that is associated with this bundled publication:

Cisco Security Advisory	CVE ID	SIR	CVSS Base Score
cisco-sa-iosxe-isdn-q931-dos-67eUZBTf Cisco IOS and IOS XE Software ISDN Q.931 Denial of Service Vulnerability	CVE-2020-3511	High	7.4
cisco-sa-profinet-J9QMCHPB Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability	CVE-2020-3409	High	7.4
cisco-sa-ios-profinet-dos-65qYG3W5 Cisco IOS and IOS XE Software PROFINET Link Layer Discovery Protocol Denial of Service Vulnerability	CVE-2020-3512	High	7.4
cisco-sa-splitdns-SPWqpdGW Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability	CVE-2020-3408	High	8.6
cisco-sa-ios-lpwa-access-cXsD7PRA Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability	CVE-2020-3426	High	7.5
cisco-sa-xbace-OnCEbyS Cisco IOS XE Software Arbitrary Code Execution Vulnerability	CVE-2020-3417	High	6.8
cisco-sa-COPS-VLD-MpbTvGEW Cisco IOS XE Software Common Open Policy Service Engine Denial of Service Vulnerability	CVE-2020-3526	High	8.6
cisco-sa-le-drTOB625 Cisco IOS XE Software Ethernet Frame Denial of Service Vulnerability	CVE-2020-3465	High	7.4
cisco-sa-iosxe-umbrella-dos-t2QMUX37 Cisco IOS XE Software for Catalyst 9200 Series Switches Umbrella Connector Denial of Service Vulnerability	CVE-2020-3510	High	8.6
cisco-sa-iosxe-wlc-fnfv9-EvrAQpNX Cisco IOS XE Software for Catalyst 9800 Series and Cisco AireOS Software for Cisco WLC Flexible NetFlow Version 9 Denial of Service Vulnerability	CVE-2020-3492	High	8.6
cisco-sa-mdns-dos-3tH6cA9J Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Multicast DNS Denial of Service Vulnerability	CVE-2020-3359	High	8.6
cisco-sa-ISR4461-gKKUROhx Cisco IOS XE Software for Cisco 4461 Integrated Services Routers Denial of Service Vulnerability	CVE-2020-3414	High	8.6
cisco-sa-esp20-arp-dos-GvHVggqJ Cisco IOS XE Software for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor IP ARP Denial of Service Vulnerability	CVE-2020-3508	High	7.4
cisco-sa-iosxe-rsp3-rce-jVHg8Z7c Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities	CVE-2020-3416 CVE-2020-3513	High	6.7
cisco-sa-iosxe-dhcp-dos-JSCKX43h Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers DHCP Denial of Service Vulnerability	CVE-2020-3509	High	8.6
cisco-sa-ipsla-jw2DJmSv Cisco IOS XE Software IP Service Level Agreements Denial of Service Vulnerability	CVE-2020-3422	High	8.6
cisco-sa-ios-webui-priv-esc-K8zvEWM Cisco IOS XE Software Privilege Escalation Vulnerabilities	CVE-2020-3141 CVE-2020-3425	High	8.8
cisco-sa-confacl-HbPtfSuO Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability	CVE-2020-3407	High	8.6
cisco-sa-webui-auth-bypass-6j2BYUc7 Cisco IOS XE Software Web UI Authorization Bypass Vulnerability	CVE-2020-3400	High	8.8
cisco-sa-zbfw-94ckG4G Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities	CVE-2020-3421 CVE-2020-3480	High	8.6
cisco-sa-capwap-dos-TPdNTdyq Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities	CVE-2020-3486 CVE-2020-3487 CVE-2020-3488 CVE-2020-3489 CVE-2020-3493 CVE-2020-3494 CVE-2020-3497	High	7.4
cisco-sa-capwap-dos-ShFzXf Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability	CVE-2020-3399	High	8.6
cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability	CVE-2020-3390	High	7.4
cisco-sa-dclass-dos-VKh9D8k3 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WLAN Local Profiling Denial of Service Vulnerability	CVE-2020-3428	High	7.4
cisco-sa-wpa-dos-cXshjerc Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WPA Denial of Service Vulnerability	CVE-2020-3429	High	7.4

Related Resources

Cisco Security Vulnerability Policy
MITRE Common Vulnerabilities and Exposures
Common Vulnerability Scoring System and the Security Impact Rating
Common Vulnerability Scoring System Q & A