Insufficient verification of data authenticity in Cisco NX-OS - CVE-2020-3174

Published: February 27, 2020


Vulnerability identifier: #VU25670
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-3174
CWE-ID: CWE-345
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc.
Affected software:
Cisco NX-OS

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries.

The vulnerability exists due to improper validation of a received gratuitous ARP (GARP) request in the anycast gateway feature. A remote attacker on the local network can send a malicious GARP packet that corrupts the ARP table on the device by populating it with incorrect entries, which could lead to traffic disruption.

This vulnerability affects the following products if they are running a vulnerable release of Cisco NX-OS Software and have the anycast gateway feature enabled:

  • Nexus 3000 Series Switches
  • Nexus 7000 Series Switches
  • Nexus 9000 Series Switches in standalone NX-OS mode
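The following Python script is an added illustration of the validation the description refers to; it is not part of this advisory, Cisco's code, or the NX-OS implementation. It parses raw Ethernet/ARP frames, recognises gratuitous ARP (sender IP equal to target IP), and flags a GARP that claims an anycast gateway IP with a MAC other than the configured gateway MAC, which is exactly the kind of entry that would corrupt an ARP table if accepted without checking. The gateway address (10.0.0.1), the gateway MAC (00:11:22:33:44:55), the host MACs and the sample frames are all constructed for the example; a defender could run the same check over frames captured on the gateway VLAN as a monitoring control, independent of the device's own validation.

```python
"""Flag gratuitous ARP frames that impersonate an anycast gateway address.

Added example, not code from the advisory or from Cisco. All addresses and
frames below are constructed for illustration.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_HDR_LEN, ARP_LEN = 14, 28  # Ethernet II header, ARP for IPv4 over Ethernet


@dataclass(frozen=True)
class ArpPacket:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def _mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def _ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def parse_arp_frame(frame: bytes) -> Optional[ArpPacket]:
    """Return the ARP fields of an Ethernet frame, or None if it is not a
    well-formed IPv4-over-Ethernet ARP frame (wrong EtherType, hardware or
    protocol type, or address lengths)."""
    if len(frame) < ETH_HDR_LEN + ARP_LEN:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None
    body = frame[22:42]
    return ArpPacket(opcode, _mac_str(body[0:6]), _ip_str(body[6:10]),
                     _mac_str(body[10:16]), _ip_str(body[16:20]))


def is_gratuitous(p: ArpPacket) -> bool:
    """Gratuitous ARP announces the sender's own address: sender IP == target IP."""
    return p.sender_ip == p.target_ip and p.opcode in (ARP_REQUEST, ARP_REPLY)


def check_garp(p: ArpPacket, gateways: Dict[str, str]) -> Optional[str]:
    """Return an alert string when a GARP claims a gateway IP with the wrong
    MAC; None when the frame is not gratuitous, not about a gateway, or matches."""
    if not is_gratuitous(p):
        return None
    expected = gateways.get(p.sender_ip)
    if expected is None:
        return None
    if p.sender_mac.lower() != expected.lower():
        return (f"GARP claims gateway {p.sender_ip} with MAC {p.sender_mac}, "
                f"expected {expected}")
    return None


def build_frame(opcode: int, sender_mac: str, sender_ip: str,
                target_mac: str, target_ip: str) -> bytes:
    """Assemble a broadcast Ethernet + ARP frame (used only to construct samples)."""
    eth = _mac_bytes("ff:ff:ff:ff:ff:ff") + _mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
           + _mac_bytes(sender_mac) + _ip_bytes(sender_ip)
           + _mac_bytes(target_mac) + _ip_bytes(target_ip))
    return eth + arp


def audit_frames(frames: List[bytes], gateways: Dict[str, str]) -> List[str]:
    """Run the GARP check over captured frames and collect alerts."""
    alerts = []
    for frame in frames:
        pkt = parse_arp_frame(frame)
        if pkt is None:
            continue  # not ARP or malformed: nothing to learn from it
        reason = check_garp(pkt, gateways)
        if reason:
            alerts.append(reason)
    return alerts


# Constructed anycast gateway table: IP -> MAC expected on every leaf.
GATEWAYS = {"10.0.0.1": "00:11:22:33:44:55"}

# Constructed sample capture.
SAMPLE_FRAMES = [
    # Legitimate GARP from the gateway itself.
    build_frame(ARP_REPLY, "00:11:22:33:44:55", "10.0.0.1", "00:11:22:33:44:55", "10.0.0.1"),
    # GARP from a host MAC claiming the gateway IP: would corrupt the ARP table.
    build_frame(ARP_REPLY, "aa:bb:cc:dd:ee:ff", "10.0.0.1", "aa:bb:cc:dd:ee:ff", "10.0.0.1"),
    # Ordinary ARP request from a host for the gateway: not gratuitous.
    build_frame(ARP_REQUEST, "aa:bb:cc:dd:ee:01", "10.0.0.5", "00:00:00:00:00:00", "10.0.0.1"),
    # Non-ARP frame (IPv4 EtherType) padded to length: ignored by the parser.
    _mac_bytes("ff:ff:ff:ff:ff:ff") + _mac_bytes("aa:bb:cc:dd:ee:02") + b"\x08\x00" + b"\x00" * 28,
]

if __name__ == "__main__":
    for line in audit_frames(SAMPLE_FRAMES, GATEWAYS):
        print("ALERT:", line)
```

Run as a script it prints one alert, for the second frame. The check is deliberately narrow: it only compares the sender MAC of a gratuitous announcement against the configured MAC for that gateway IP, which is the validation that, per the description, the affected releases lack.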


How to mitigate CVE-2020-3174

Install updates from the vendor's website.

Sources