PT-2020-2794 · Cisco · Cisco IOS XE +1

Published 2020-06-03 · Updated 2021-09-17 · CVE-2020-3225

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Cisco IOS Software (affected versions not specified)
Cisco IOS XE Software (affected versions not specified)

Description

The issue is related to the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS Software and Cisco IOS XE Software. It is caused by insufficient input processing of CIP traffic, which could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. An attacker could exploit this by sending crafted CIP traffic to be processed by an affected device.

Recommendations

For Cisco IOS Software, update to a version that addresses these vulnerabilities.
For Cisco IOS XE Software, update to a version that addresses these vulnerabilities.
As a temporary workaround, consider restricting access to CIP traffic to minimize the risk of exploitation.

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

BDU:2020-02889
CVE-2020-3225

Affected Products

Cisco IOS
Cisco IOS XE