Vulnerability Name: | CVE-2020-3527 (CCN-188771) | ||||||||||||
Assigned: | 2019-12-12 | ||||||||||||
Published: | 2020-09-24 | ||||||||||||
Updated: | 2020-10-07 | ||||||||||||
Summary: | A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames or frames larger than the configured MTU size to the management interface of this device. A successful exploit could allow the attacker to crash the device fully before an automatic recovery. | ||||||||||||
CVSS v3 Severity: | 8.6 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) 7.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
7.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
| ||||||||||||
Vulnerability Type: | CWE-400 | ||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2020-3527 Source: XF Type: UNKNOWN cisco-cve20203527-dos(188771) Source: CCN Type: Cisco Security Advisory cisco-sa-JP-DOS-g5FfGm8y Cisco Catalyst 9200 Series Switches Jumbo Frame Denial of Service Vulnerability Source: CISCO Type: Vendor Advisory 20200924 Cisco Catalyst 9200 Series Switches Jumbo Frame Denial of Service Vulnerability | ||||||||||||
Vulnerable Configuration: | Configuration 1:![]() | ||||||||||||
BACK |