Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3175

A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource usage control. An attacker could exploit this vulnerability by sending traffic to the management interface (mgmt0) of an affected device at very high rates. An exploit could allow the attacker to cause unexpected behaviors such as high CPU usage, process crashes, or even full system reboots of an affected device.

Published

2020-02-26T17:15:13.657

Last Modified

2024-11-21T05:30:29.070

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

6.9

Weaknesses

Type: Secondary
CWE-664
Type: Primary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	nx-os	6.2\(1\)	Yes
Hardware	cisco	mds_9132t	-	No
Hardware	cisco	mds_9148s	-	No
Hardware	cisco	mds_9148t	-	No
Hardware	cisco	mds_9216	-	No
Hardware	cisco	mds_9216a	-	No
Hardware	cisco	mds_9216i	-	No
Hardware	cisco	mds_9222i	-	No
Hardware	cisco	mds_9506	-	No
Hardware	cisco	mds_9509	-	No
Hardware	cisco	mds_9513	-	No
Hardware	cisco	mds_9706	-	No
Hardware	cisco	mds_9710	-	No
Hardware	cisco	mds_9718	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-mds-ovrld-dos Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-mds-ovrld-dos Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)