Denial of service in Cisco MDS 9000 Series Multilayer Switches



Published: 2020-02-27
Risk High
Patch available NO
Number of vulnerabilities 1
CVE-ID CVE-2020-3175
CWE-ID CWE-400
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Cisco NX-OS
Operating systems & Components / Operating system

Cisco MDS 9000 Series Multilayer Switches
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Resource exhaustion

EUVDB-ID: #VU25653

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-3175

CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource usage control within the resource handling system. A remote attacker send traffic to the management interface (mgmt0) of an affected device at very high rates and cause unexpected behaviors such as high CPU usage, process crashes, or even full system reboots of an affected device.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Cisco NX-OS: All versions

Cisco MDS 9000 Series Multilayer Switches: All versions


CPE2.3 External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-mds-ovrld-dos

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###