CVE-2020-3235 [High] | Denial of Service in Ios

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability by using SNMPv3, the attacker must know the user credentials for the affected system.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.29%	1.57%	+1.27%
2	2025-03-30	0.41%	0.29%	-0.12%
3	2025-03-29	—	0.41%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

0.29%

1.57%

+1.27%

2025-03-30

0.41%

0.29%

-0.12%

2025-03-29

—

0.41%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.7	3.1	HIGH	`CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:C) Breaking this can reach past the original component and bite other resources—bigger blast radius. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	3.1	4.0	[email protected]
7.7	3.0	HIGH	`CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:C) Breaking this can reach past the original component and bite other resources—bigger blast radius. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	3.1	4.0	[email protected]
6.3	2.0	MEDIUM	`AV:N/AC:M/Au:S/C:N/I:N/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:S) A single authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:C) Complete availability impact.	6.8	6.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

7.7

3.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C): Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:N): Doesn’t really leak secrets in a meaningful way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

3.1

4.0

[email protected]

7.7

3.0

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C): Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:N): Doesn’t really leak secrets in a meaningful way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

3.1

4.0

[email protected]

6.3

2.0

MEDIUM

AV:N/AC:M/Au:S/C:N/I:N/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:S): A single authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:C): Complete availability impact.

6.8

6.9

[email protected]

Affected software / configurations for CVE-2020-3235

Vendor	Product	Version	Raw CPE
cisco	ios	12.2\(52\)sg	cpe:2.3:o:cisco:ios:12.2\(52\)sg:::::::*
cisco	ios	12.2\(53\)sg1	cpe:2.3:o:cisco:ios:12.2\(53\)sg1:::::::*
cisco	ios	12.2\(53\)sg2	cpe:2.3:o:cisco:ios:12.2\(53\)sg2:::::::*
cisco	ios	12.2\(53\)sg3	cpe:2.3:o:cisco:ios:12.2\(53\)sg3:::::::*
cisco	ios	12.2\(53\)sg4	cpe:2.3:o:cisco:ios:12.2\(53\)sg4:::::::*
cisco	ios	12.2\(53\)sg5	cpe:2.3:o:cisco:ios:12.2\(53\)sg5:::::::*
cisco	ios	12.2\(53\)sg6	cpe:2.3:o:cisco:ios:12.2\(53\)sg6:::::::*
cisco	ios	12.2\(53\)sg7	cpe:2.3:o:cisco:ios:12.2\(53\)sg7:::::::*
cisco	ios	12.2\(53\)sg8	cpe:2.3:o:cisco:ios:12.2\(53\)sg8:::::::*
cisco	ios	12.2\(53\)sg9	cpe:2.3:o:cisco:ios:12.2\(53\)sg9:::::::*
cisco	ios	12.2\(53\)sg10	cpe:2.3:o:cisco:ios:12.2\(53\)sg10:::::::*
cisco	ios	12.2\(53\)sg11	cpe:2.3:o:cisco:ios:12.2\(53\)sg11:::::::*
cisco	ios	12.2\(54\)sg	cpe:2.3:o:cisco:ios:12.2\(54\)sg:::::::*
cisco	ios	12.2\(54\)sg1	cpe:2.3:o:cisco:ios:12.2\(54\)sg1:::::::*
cisco	ios	12.2\(54\)wo	cpe:2.3:o:cisco:ios:12.2\(54\)wo:::::::*
cisco	ios	15.0\(1\)ey	cpe:2.3:o:cisco:ios:15.0\(1\)ey:::::::*
cisco	ios	15.0\(1\)ey2	cpe:2.3:o:cisco:ios:15.0\(1\)ey2:::::::*
cisco	ios	15.0\(1\)xo	cpe:2.3:o:cisco:ios:15.0\(1\)xo:::::::*
cisco	ios	15.0\(1\)xo1	cpe:2.3:o:cisco:ios:15.0\(1\)xo1:::::::*
cisco	ios	15.0\(2\)ex2	cpe:2.3:o:cisco:ios:15.0\(2\)ex2:::::::*
cisco	ios	15.0\(2\)ex8	cpe:2.3:o:cisco:ios:15.0\(2\)ex8:::::::*
cisco	ios	15.0\(2\)sg	cpe:2.3:o:cisco:ios:15.0\(2\)sg:::::::*
cisco	ios	15.0\(2\)sg1	cpe:2.3:o:cisco:ios:15.0\(2\)sg1:::::::*
cisco	ios	15.0\(2\)sg2	cpe:2.3:o:cisco:ios:15.0\(2\)sg2:::::::*
cisco	ios	15.0\(2\)sg3	cpe:2.3:o:cisco:ios:15.0\(2\)sg3:::::::*
cisco	ios	15.0\(2\)sg4	cpe:2.3:o:cisco:ios:15.0\(2\)sg4:::::::*
cisco	ios	15.0\(2\)sg5	cpe:2.3:o:cisco:ios:15.0\(2\)sg5:::::::*
cisco	ios	15.0\(2\)sg6	cpe:2.3:o:cisco:ios:15.0\(2\)sg6:::::::*
cisco	ios	15.0\(2\)sg7	cpe:2.3:o:cisco:ios:15.0\(2\)sg7:::::::*
cisco	ios	15.0\(2\)sg8	cpe:2.3:o:cisco:ios:15.0\(2\)sg8:::::::*
cisco	ios	15.0\(2\)sg9	cpe:2.3:o:cisco:ios:15.0\(2\)sg9:::::::*
cisco	ios	15.0\(2\)sg10	cpe:2.3:o:cisco:ios:15.0\(2\)sg10:::::::*
cisco	ios	15.0\(2\)sg11	cpe:2.3:o:cisco:ios:15.0\(2\)sg11:::::::*
cisco	ios	15.0\(2\)xo	cpe:2.3:o:cisco:ios:15.0\(2\)xo:::::::*
cisco	ios	15.1\(1\)sg	cpe:2.3:o:cisco:ios:15.1\(1\)sg:::::::*
cisco	ios	15.1\(1\)sg1	cpe:2.3:o:cisco:ios:15.1\(1\)sg1:::::::*
cisco	ios	15.1\(1\)sg2	cpe:2.3:o:cisco:ios:15.1\(1\)sg2:::::::*
cisco	ios	15.1\(2\)sg	cpe:2.3:o:cisco:ios:15.1\(2\)sg:::::::*
cisco	ios	15.1\(2\)sg1	cpe:2.3:o:cisco:ios:15.1\(2\)sg1:::::::*
cisco	ios	15.1\(2\)sg2	cpe:2.3:o:cisco:ios:15.1\(2\)sg2:::::::*
cisco	ios	15.1\(2\)sg3	cpe:2.3:o:cisco:ios:15.1\(2\)sg3:::::::*
cisco	ios	15.1\(2\)sg4	cpe:2.3:o:cisco:ios:15.1\(2\)sg4:::::::*
cisco	ios	15.1\(2\)sg5	cpe:2.3:o:cisco:ios:15.1\(2\)sg5:::::::*
cisco	ios	15.1\(2\)sg6	cpe:2.3:o:cisco:ios:15.1\(2\)sg6:::::::*
cisco	ios	15.1\(2\)sg7	cpe:2.3:o:cisco:ios:15.1\(2\)sg7:::::::*
cisco	ios	15.1\(2\)sg8	cpe:2.3:o:cisco:ios:15.1\(2\)sg8:::::::*
cisco	ios	15.2\(1\)e	cpe:2.3:o:cisco:ios:15.2\(1\)e:::::::*
cisco	ios	15.2\(1\)e1	cpe:2.3:o:cisco:ios:15.2\(1\)e1:::::::*
cisco	ios	15.2\(1\)e3	cpe:2.3:o:cisco:ios:15.2\(1\)e3:::::::*
cisco	ios	15.2\(2\)e	cpe:2.3:o:cisco:ios:15.2\(2\)e:::::::*
cisco	ios	15.2\(2\)e1	cpe:2.3:o:cisco:ios:15.2\(2\)e1:::::::*
cisco	ios	15.2\(2\)e2	cpe:2.3:o:cisco:ios:15.2\(2\)e2:::::::*
cisco	ios	15.2\(2\)e3	cpe:2.3:o:cisco:ios:15.2\(2\)e3:::::::*
cisco	ios	15.2\(2\)e4	cpe:2.3:o:cisco:ios:15.2\(2\)e4:::::::*
cisco	ios	15.2\(2\)e5	cpe:2.3:o:cisco:ios:15.2\(2\)e5:::::::*
cisco	ios	15.2\(2\)e5a	cpe:2.3:o:cisco:ios:15.2\(2\)e5a:::::::*
cisco	ios	15.2\(2\)e5b	cpe:2.3:o:cisco:ios:15.2\(2\)e5b:::::::*
cisco	ios	15.2\(2\)e6	cpe:2.3:o:cisco:ios:15.2\(2\)e6:::::::*
cisco	ios	15.2\(2\)e7	cpe:2.3:o:cisco:ios:15.2\(2\)e7:::::::*
cisco	ios	15.2\(2\)e7b	cpe:2.3:o:cisco:ios:15.2\(2\)e7b:::::::*
cisco	ios	15.2\(2\)e8	cpe:2.3:o:cisco:ios:15.2\(2\)e8:::::::*
cisco	ios	15.2\(2\)e9	cpe:2.3:o:cisco:ios:15.2\(2\)e9:::::::*
cisco	ios	15.2\(2\)e9a	cpe:2.3:o:cisco:ios:15.2\(2\)e9a:::::::*
cisco	ios	15.2\(2\)e10	cpe:2.3:o:cisco:ios:15.2\(2\)e10:::::::*
cisco	ios	15.2\(2b\)e	cpe:2.3:o:cisco:ios:15.2\(2b\)e:::::::*
cisco	ios	15.2\(3\)e	cpe:2.3:o:cisco:ios:15.2\(3\)e:::::::*
cisco	ios	15.2\(3\)e1	cpe:2.3:o:cisco:ios:15.2\(3\)e1:::::::*
cisco	ios	15.2\(3\)e2	cpe:2.3:o:cisco:ios:15.2\(3\)e2:::::::*
cisco	ios	15.2\(3\)e3	cpe:2.3:o:cisco:ios:15.2\(3\)e3:::::::*
cisco	ios	15.2\(3\)e4	cpe:2.3:o:cisco:ios:15.2\(3\)e4:::::::*
cisco	ios	15.2\(3\)e5	cpe:2.3:o:cisco:ios:15.2\(3\)e5:::::::*
cisco	ios	15.2\(4\)e	cpe:2.3:o:cisco:ios:15.2\(4\)e:::::::*
cisco	ios	15.2\(4\)e1	cpe:2.3:o:cisco:ios:15.2\(4\)e1:::::::*
cisco	ios	15.2\(4\)e2	cpe:2.3:o:cisco:ios:15.2\(4\)e2:::::::*
cisco	ios	15.2\(4\)e3	cpe:2.3:o:cisco:ios:15.2\(4\)e3:::::::*
cisco	ios	15.2\(4\)e4	cpe:2.3:o:cisco:ios:15.2\(4\)e4:::::::*
cisco	ios	15.2\(4\)e5	cpe:2.3:o:cisco:ios:15.2\(4\)e5:::::::*
cisco	ios	15.2\(4\)e5a	cpe:2.3:o:cisco:ios:15.2\(4\)e5a:::::::*
cisco	ios	15.2\(4\)e6	cpe:2.3:o:cisco:ios:15.2\(4\)e6:::::::*
cisco	ios	15.2\(4\)e7	cpe:2.3:o:cisco:ios:15.2\(4\)e7:::::::*

References for CVE-2020-3235

URL	Tags
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-USxSyTk5	Vendor Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Patch Third Party Advisory

URL

CVE-2020-3235 | Cisco IOS and IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability

Exploit prediction scoring system (EPSS) score for CVE-2020-3235

Common vulnerability scoring system (CVSS) metrics for CVE-2020-3235

Weakness enumeration for CVE-2020-3235

Affected software / configurations for CVE-2020-3235

References for CVE-2020-3235