Main Vulnerability Database Vulnerabilities #VU25653

Resource exhaustion in Cisco NX-OS and Cisco MDS 9000 Series Multilayer Switches - CVE-2020-3175

Published: February 27, 2020

Vulnerability identifier: #VU25653

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-3175

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco NX-OS
Cisco MDS 9000 Series Multilayer Switches

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource usage control within the resource handling system. A remote attacker send traffic to the management interface (mgmt0) of an affected device at very high rates and cause unexpected behaviors such as high CPU usage, process crashes, or even full system reboots of an affected device.

How to mitigate CVE-2020-3175

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-mds-ovrld-dos

Resource exhaustion in Cisco NX-OS and Cisco MDS 9000 Series Multilayer Switches - CVE-2020-3175

Detailed vulnerability description

How to mitigate CVE-2020-3175

Sources

Please verify you're human