Armis Vulnerability Intelligence Database

Description Preview

A vulnerability in the management REST API of Cisco Industrial Network Director (IND) allows authenticated remote attackers to cause 100% CPU utilization, resulting in a denial of service condition. The vulnerability stems from insufficient validation of requests sent to the REST API. Successful exploitation can cause a permanent DoS condition requiring manual intervention to recover the system.

Overview

This vulnerability (CVE-2020-3567) affects the Cisco Industrial Network Director, which is an industrial automation management solution. The issue exists in the management REST API component where input validation is insufficient. An authenticated attacker can send specially crafted requests to the REST API that will cause the CPU utilization to spike to 100%, effectively rendering the system unusable. This is classified as CWE-20 (Improper Input Validation). The DoS condition created by this vulnerability is particularly severe as it can be permanent and requires manual intervention to restore normal system operation.

Remediation

Organizations using Cisco Industrial Network Director should:

Update to the latest software version as recommended in the Cisco Security Advisory.
Implement network segmentation to limit access to the management interfaces.
Ensure that only authorized personnel have authentication credentials for the IND system.
Monitor CPU utilization for unusual spikes that might indicate exploitation attempts.
Have recovery procedures in place in case the system becomes unresponsive.
Follow Cisco's guidance for proper recovery steps if the system is affected.

References

Cisco Security Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-dos-BwG634zn
Title: Cisco Industrial Network Director Denial of Service Vulnerability
Advisory ID: cisco-sa-ind-dos-BwG634zn
Publication Date: October 7, 2020
CWE-20: Improper Input Validation

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

Manufacturing
Manufacturing
Accommodation & Food Services
Accommodation & Food Services
Administrative, Support, Waste Management & Remediation Services
Administrative, Support, Waste Management & Remediation Services
Agriculture, Forestry Fishing & Hunting
Agriculture, Forestry Fishing & Hunting
Arts, Entertainment & Recreation
Arts, Entertainment & Recreation
Construction
Construction
Educational Services
Educational Services
Finance and Insurance
Finance and Insurance
Health Care & Social Assistance
Health Care & Social Assistance
Information
Information
Management of Companies & Enterprises
Management of Companies & Enterprises
Mining
Mining
Other Services (except Public Administration)
Other Services (except Public Administration)
Professional, Scientific, & Technical Services
Professional, Scientific, & Technical Services
Public Administration
Public Administration
Real Estate Rental & Leasing
Real Estate Rental & Leasing
Retail Trade
Retail Trade
Transportation & Warehousing
Transportation & Warehousing
Utilities
Utilities
Wholesale Trade
Wholesale Trade

^{CVE-2020-3567:}Cisco Industrial Network Director REST API Denial of Service Vulnerability

Description Preview

Overview

Remediation

References

Focus on What Matters

Let's talk!