发布日期：2020-09-24
更新日期：2020-10-10

受影响系统：

Cisco 807 Industrial ISRs
Cisco 809 Industrial ISRs
Cisco 829 Industrial ISRs
Cisco CGR1000 Routers

描述：

---

CVE(CAN) ID: CVE-2020-3426

Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) 和 Cisco 1000 Series Connected Grid Routers (CGR1000) 是思科公司的路由器产品。
Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) 和 Cisco 1000 Series Connected Grid Routers (CGR1000)中的低功耗广域（LPWA）子系统存在授权不当漏洞。该漏洞源于程序缺少用于虚拟LWP（VLPWA）协议调制解调器消息的输入和验证检查机制。未经身份认证的远程攻击者可通过向受影响设备发送特制的数据包利用该漏洞获得对敏感数据的未授权读取访问或导致拒绝服务（DoS）。

<*来源：X.B. （Cisco Advanced Security Initiatives Group (ASIG)
  
  链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lpwa-access-cXsD7
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-ios-lpwa-access-cXsD7PRA）以及相应补丁:
cisco-sa-ios-lpwa-access-cXsD7PRA：Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability
链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lpwa-access-cXsD7

浏览次数：986
严重程度：0（网友投票）