CVE-2020-3220

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers (affected versions not specified)

Description A vulnerability in the hardware crypto driver could allow an unauthenticated, remote attacker to disconnect legitimate IPsec VPN sessions to an affected device. The issue is due to insufficient verification of the authenticity of received Encapsulating Security Payload (ESP) packets. An attacker could exploit this by tampering with ESP cleartext values as a man-in-the-middle.

Recommendations For Cisco IOS XE Software, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the vulnerable hardware crypto driver until a patch is available. Avoid using the ESP packets in a way that could be exploited by an attacker until the issue is resolved. At the moment, there is no information about specific versions that contain a fix for this vulnerability, but Cisco has released software updates that address this issue.