What is CVE-2020-3244?

CVE-2020-3244 is a medium-severity vulnerability in Cisco Asr 5000 Series Software, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2020-06-18.

How severe is CVE-2020-3244?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2020-3244 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Cisco Asr 5000 Series Software

CVE-2020-3244

A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. Th…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (62.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Cisco Asr 5000 Series Software — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

n0-traces/cve_

References

20200617 Cisco ASR 5000 Series Aggregation Services Routers Enhanced Charging Service Rule Bypass Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2020-3244?: CVE-2020-3244 is a medium-severity vulnerability in Cisco Asr 5000 Series Software, classified under Improper Input Validation. CVSS score: 5.3/10. Published 2020-06-18.
How severe is CVE-2020-3244?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2020-3244 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.