Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities [CVE-2020-3421 & CVE-2020-3480]

CVE numbers :- CVE-2020-3421 & CVE-2020-3480

Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall.

The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service.

For more information about these vulnerabilities, see the Details section of this advisory.

This advisory is part of the September 24, 2020, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 25 Cisco Security Advisories that describe 34 vulnerabilities.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

These vulnerabilities affect devices that are running a vulnerable release of Cisco IOS XE Software and have the Zone-Based Firewall feature enabled with Layer 4 inspection enabled. The vulnerabilities are independent of each other.

For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-94ckG4G