Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3415

A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Exploitation of this vulnerability also requires jumbo frames to be enabled on the interface that receives the crafted Cisco Discovery Protocol packets on the affected device.

Published

2020-08-27T16:15:12.317

Last Modified

2024-11-21T05:30:59.257

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:A/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

5.5

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-787
  • Type: Primary
    CWE-787
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco nx-os - Yes
Hardware cisco nexus_3016 - No
Hardware cisco nexus_3048 - No
Hardware cisco nexus_3064 - No
Hardware cisco nexus_3064-t - No
Hardware cisco nexus_31108pc-v - No
Hardware cisco nexus_31108tc-v - No
Hardware cisco nexus_31128pq - No
Hardware cisco nexus_3132c-z - No
Hardware cisco nexus_3132q - No
Hardware cisco nexus_3132q-v - No
Hardware cisco nexus_3132q-xl - No
Hardware cisco nexus_3164q - No
Hardware cisco nexus_3172 - No
Hardware cisco nexus_3172pq-xl - No
Hardware cisco nexus_3172tq - No
Hardware cisco nexus_3172tq-32t - No
Hardware cisco nexus_3172tq-xl - No
Hardware cisco nexus_3232c - No
Hardware cisco nexus_3264c-e - No
Hardware cisco nexus_3264q - No
Hardware cisco nexus_3408-s - No
Hardware cisco nexus_34180yc - No
Hardware cisco nexus_3432d-s - No
Hardware cisco nexus_3464c - No
Hardware cisco nexus_3524 - No
Hardware cisco nexus_3524-x - No
Hardware cisco nexus_3524-xl - No
Hardware cisco nexus_3548 - No
Hardware cisco nexus_3548-x - No
Hardware cisco nexus_3548-xl - No
Hardware cisco nexus_36180yc-r - No
Hardware cisco nexus_3636c-r - No
Hardware cisco nexus_92160yc-x - No
Hardware cisco nexus_92300yc - No
Hardware cisco nexus_92304qc - No
Hardware cisco nexus_92348gc-x - No
Hardware cisco nexus_9236c - No
Hardware cisco nexus_9272q - No
Hardware cisco nexus_93108tc-ex - No
Hardware cisco nexus_93108tc-fx - No
Hardware cisco nexus_93120tx - No
Hardware cisco nexus_93128tx - No
Hardware cisco nexus_93180lc-ex - No
Hardware cisco nexus_93180yc-ex - No
Hardware cisco nexus_93180yc-fx - No
Hardware cisco nexus_93216tc-fx2 - No
Hardware cisco nexus_93240yc-fx2 - No
Hardware cisco nexus_9332c - No
Hardware cisco nexus_9332pq - No
Hardware cisco nexus_93360yc-fx2 - No
Hardware cisco nexus_9336c-fx2 - No
Hardware cisco nexus_9336pq_aci_spine - No
Hardware cisco nexus_9348gc-fxp - No
Hardware cisco nexus_9364c - No
Hardware cisco nexus_9372px - No
Hardware cisco nexus_9372px-e - No
Hardware cisco nexus_9372tx - No
Hardware cisco nexus_9372tx-e - No
Hardware cisco nexus_9396px - No
Hardware cisco nexus_9396tx - No
Hardware cisco nexus_9504 - No
Hardware cisco nexus_9508 - No
Hardware cisco nexus_9516 - No
Operating System cisco nx-os < 4.0\(4h\) Yes
Hardware cisco ucs_64108 - No
Hardware cisco ucs_6454 - No
References