CVE-2020-3510

A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to insufficient error handling when parsing DNS requests. An attacker could exploit this vulnerability by sending a series of malicious DNS requests to an Umbrella Connector client interface of an affected device. A successful exploit could allow the attacker to cause a crash of the iosd process, which triggers a reload of the affected device.

A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to insufficient error handling when parsing DNS requests. An attacker could exploit this vulnerability by sending a series of malicious DNS requests to an Umbrella Connector client interface of an affected device. A successful exploit could allow the attacker to cause a crash of the iosd process, which triggers a reload of the affected device.

Una vulnerabilidad en el componente Umbrella Connector de Cisco IOS XE Software para Cisco Catalyst 9200 Series Switches, podría permitir a un atacante remoto no autenticado desencadenar una recarga, resultando en una condición de denegación de servicio en un dispositivo afectado. La vulnerabilidad es debido a un manejo insuficiente de errores cuando se analizan las peticiones DNS. Un atacante podría explotar esta vulnerabilidad mediante el envío de una serie de peticiones DNS maliciosas a una interfaz del cliente de Umbrella Connector de un dispositivo afectado. Una explotación con éxito podría permitir al atacante causar un bloqueo del proceso iosd, lo que desencadena una recarga del dispositivo afectado.