Main Vulnerability Database Vulnerabilities #VU25653

#VU25653 Resource exhaustion in Cisco NX-OS and Cisco MDS 9000 Series Multilayer Switches - CVE-2020-3175

Published: February 27, 2020

Vulnerability identifier: #VU25653

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-3175

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco NX-OS
Cisco MDS 9000 Series Multilayer Switches

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource usage control within the resource handling system. A remote attacker send traffic to the management interface (mgmt0) of an affected device at very high rates and cause unexpected behaviors such as high CPU usage, process crashes, or even full system reboots of an affected device.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-mds-ovrld-dos

#VU25653 Resource exhaustion in Cisco NX-OS and Cisco MDS 9000 Series Multilayer Switches - CVE-2020-3175

Description

Remediation

External links

Please verify you're human