Sign-up

ID

VAR-202002-0721


CVE

CVE-2020-3160


TITLE

Cisco Meeting Server Input verification vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-002136

DESCRIPTION

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation of XMPP packets. An attacker could exploit this vulnerability by sending crafted XMPP packets to an affected device. An exploit could allow the attacker to cause process crashes and a DoS condition for XMPP conferencing applications. Cisco Meeting Server The software contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2020-3160 // JVNDB: JVNDB-2020-002136 // VULHUB: VHN-181285

AFFECTED PRODUCTS

vendor:ciscomodel:meeting serverscope:ltversion:2.8.0

Trust: 1.0

vendor:ciscomodel:meeting serverscope: - version: -

Trust: 0.8

vendor:ciscomodel:meeting serverscope:eqversion:2.0.13

Trust: 0.6

vendor:ciscomodel:meeting serverscope:eqversion:2.0.6

Trust: 0.6

vendor:ciscomodel:meeting serverscope:eqversion:2.0.15

Trust: 0.6

vendor:ciscomodel:meeting serverscope:eqversion:2.0.8

Trust: 0.6

vendor:ciscomodel:meeting serverscope:eqversion:2.0.10

Trust: 0.6

vendor:ciscomodel:meeting serverscope:eqversion:2.0.11

Trust: 0.6

vendor:ciscomodel:meeting serverscope:eqversion:2.0.7

Trust: 0.6

vendor:ciscomodel:meeting serverscope:eqversion:2.0.14

Trust: 0.6

vendor:ciscomodel:meeting serverscope:eqversion:2.0.9

Trust: 0.6

vendor:ciscomodel:meeting serverscope:eqversion:2.0.12

Trust: 0.6

sources: JVNDB: JVNDB-2020-002136 // CNNVD: CNNVD-202002-948 // NVD: CVE-2020-3160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3160
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3160
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002136
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202002-948
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181285
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3160
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002136
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181285
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3160
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3160
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-002136
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181285 // JVNDB: JVNDB-2020-002136 // CNNVD: CNNVD-202002-948 // NVD: CVE-2020-3160 // NVD: CVE-2020-3160

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-181285 // JVNDB: JVNDB-2020-002136 // NVD: CVE-2020-3160

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-948

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-948

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002136

PATCH
title:cisco-sa-cms-xmpp-dos-ptfGUsBxurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-xmpp-dos-ptfGUsBx
Trust: 0.8
title:Cisco Meeting Server Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110018
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002136 // 
            
            
            
            CNNVD: CNNVD-202002-948

EXTERNAL IDS
db:NVDid:CVE-2020-3160
Trust: 2.5
db:JVNDBid:JVNDB-2020-002136
Trust: 0.8
db:CNNVDid:CNNVD-202002-948
Trust: 0.7
db:AUSCERTid:ESB-2020.0611
Trust: 0.6
db:CNVDid:CNVD-2020-11484
Trust: 0.1
db:VULHUBid:VHN-181285
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181285 // 
            
            
            
            JVNDB: JVNDB-2020-002136 // 
            
            
            
            CNNVD: CNNVD-202002-948 // 
            
            
            
            NVD: CVE-2020-3160

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cms-xmpp-dos-ptfgusbx
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3160
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3160
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.0611/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181285 // 
            
            
            
            JVNDB: JVNDB-2020-002136 // 
            
            
            
            CNNVD: CNNVD-202002-948 // 
            
            
            
            NVD: CVE-2020-3160

SOURCES
db:VULHUBid:VHN-181285
db:JVNDBid:JVNDB-2020-002136
db:CNNVDid:CNNVD-202002-948
db:NVDid:CVE-2020-3160

LAST UPDATE DATE
2024-11-23T22:16:38.801000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181285date:2020-02-24T00:00:00
db:JVNDBid:JVNDB-2020-002136date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202002-948date:2020-02-25T00:00:00
db:NVDid:CVE-2020-3160date:2024-11-21T05:30:27.080

SOURCES RELEASE DATE
db:VULHUBid:VHN-181285date:2020-02-19T00:00:00
db:JVNDBid:JVNDB-2020-002136date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202002-948date:2020-02-19T00:00:00
db:NVDid:CVE-2020-3160date:2020-02-19T20:15:15.567