Vulnerability Name:

CVE-2020-3175 (CCN-176965)

Assigned:2019-12-12
Published:2020-02-26
Updated:2020-03-03
Summary:A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource usage control. An attacker could exploit this vulnerability by sending traffic to the management interface (mgmt0) of an affected device at very high rates. An exploit could allow the attacker to cause unexpected behaviors such as high CPU usage, process crashes, or even full system reboots of an affected device.
CVSS v3 Severity:8.6 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
7.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
8.6 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
7.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-400
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2020-3175

Source: XF
Type: UNKNOWN
cisco-cve20203175-dos(176965)

Source: CCN
Type: Cisco Security Advisory cisco-sa-20200226-mds-ovrld-dos
Cisco MDS 9000 Series Multilayer Switches Denial of Service Vulnerability

Source: CISCO
Type: Vendor Advisory
20200226 Cisco MDS 9000 Series Multilayer Switches Denial of Service Vulnerability

Source: CCN
Type: IBM Security Bulletin 6190239 (Cisoc NX-OS for c-type SAN directors and switches)
Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.

Vulnerable Configuration:Configuration 1:
  • cpe:/o:cisco:nx-os:6.2(1):*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:mds_9132t:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:mds_9148s:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:mds_9148t:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:mds_9216:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:mds_9216a:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:mds_9216i:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:mds_9222i:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:mds_9506:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:mds_9509:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:mds_9513:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:mds_9706:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:mds_9710:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:mds_9718:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco nx-os 6.2(1)
    cisco mds 9132t -
    cisco mds 9148s -
    cisco mds 9148t -
    cisco mds 9216 -
    cisco mds 9216a -
    cisco mds 9216i -
    cisco mds 9222i -
    cisco mds 9506 -
    cisco mds 9509 -
    cisco mds 9513 -
    cisco mds 9706 -
    cisco mds 9710 -
    cisco mds 9718 -