CVE-2020-3426

Name of the Vulnerable Software and Affected Versions: Cisco 800 Series Industrial Integrated Services Routers (affected versions not specified) Cisco 1000 Series Connected Grid Routers (affected versions not specified)

Description: The issue is related to errors in privilege management in the implementation of the Low-power Wide-area Network (LPWAN) technology in Cisco IOS Software. This could allow a remote attacker to gain unauthorized access to sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device, potentially gaining unauthorized read access to sensitive data or causing the VLPWA interface to shut down.

Recommendations: For Cisco 800 Series Industrial Integrated Services Routers, update to a version that includes the fix for this issue. For Cisco 1000 Series Connected Grid Routers, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the VLPWA interface until a patch is available. Avoid using the VLPWA protocol until the issue is resolved.