Resource management error in Cisco Nexus 1000v Application Virtual Switch and Cisco NX-OS - CVE-2020-3168
Published: February 27, 2020 / Updated: February 27, 2020
Vulnerability identifier: #VU25654
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-3168
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Nexus 1000v Application Virtual Switch
Cisco NX-OS
Cisco Nexus 1000v Application Virtual Switch
Cisco NX-OS
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. A remote attacker can perform a high amount of login attempts against the affected device and cause it to become inaccessible to other users, resulting in a denial of service condition requiring a manual power cycle of the VSM to recover.
How to mitigate CVE-2020-3168
Install updates from vendor's website.