Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2020-3174 |
CWE-ID | CWE-345 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software | Cisco NX-OS (Operating systems & Components / Operating system) |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU25670
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-3174
CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries.
The vulnerability exists due to improper validation of a received gratuitous ARP (GARP) request in the anycast gateway feature. A remote attacker on the local network can send a malicious GARP packet that corrupts the ARP table on the device and populates it with incorrect entries, which could lead to traffic disruptions.
This vulnerability affects the following products if they are running a vulnerable release of Cisco NX-OS Software and have the anycast gateway feature enabled:
Install updates from the vendor's website.
Vulnerable software versions
Cisco NX-OS: 8.1.1 - 9.3.1
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-arp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.