Main Vulnerability Database Vulnerabilities #VU25654

#VU25654 Resource management error in Cisco Nexus 1000v Application Virtual Switch and Cisco NX-OS - CVE-2020-3168

Published: February 27, 2020 / Updated: February 27, 2020

Vulnerability identifier: #VU25654

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-3168

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Nexus 1000v Application Virtual Switch
Cisco NX-OS

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. A remote attacker can perform a high amount of login attempts against the affected device and cause it to become inaccessible to other users, resulting in a denial of service condition requiring a manual power cycle of the VSM to recover.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nexus-1000v-dos

#VU25654 Resource management error in Cisco Nexus 1000v Application Virtual Switch and Cisco NX-OS - CVE-2020-3168

Description

Remediation

External links

Please verify you're human