CVE-2020-3244

A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:30

Type Values Removed Values Added
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ecs-bypass-2LqfPCL - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ecs-bypass-2LqfPCL - Vendor Advisory

Information

Published : 2020-06-18 03:15

Updated : 2024-11-21 05:30


NVD link : CVE-2020-3244

Mitre link : CVE-2020-3244

CVE.ORG link : CVE-2020-3244


JSON object : View

Products Affected

cisco

  • asr_5700
  • asr_5000
  • staros
  • asr_5500
CWE
CWE-20

Improper Input Validation