NULL pointer dereference in Cisco Systems, Inc Hardware solutions

#VU46104 NULL pointer dereference in Cisco Systems, Inc Hardware solutions

Published: 2020-08-27

Vulnerability identifier: #VU46104

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3517

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Cisco Fabric Services component . A remote attacker can send malicious Cisco Fabric Services messages and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco FXOS: 1.1 - 2.2

Cisco NX-OS: All versions

Cisco Firepower 4100 Series Next-Generation Firewall: 2.7.1.122

Cisco Firepower 9300 Security Appliance: 2.7.1.122

Cisco MDS 9000 Series Multilayer Switches: 8.4.1

Cisco Nexus 3000 Series Switches: All versions

Cisco Nexus 5500 Series Switches: 7.3.7 N1.0.786

Cisco Nexus 5600 Series Switches: 7.3.7 N1.0.786

Cisco Nexus 6000 Series Switches: 7.3.7 N1.0.786

Cisco Nexus 7000 Series Switches: 8.4.1

Cisco Nexus 9000 Series Switches NX-OS Mode: All versions

UCS 6200 Series Fabric Interconnects: 4.1.1

UCS 6300 Series Fabric Interconnects: 4.1.1

UCS 6400 Series Fabric Interconnects: 4.1.1

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-cfs-dos-dAmnymbd

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Cisco FXOS, NX-OS Software and Cisco Fabric Services