#VU49026 Integer overflow in Cisco Systems, Inc products - CVE-2020-3120
Published: February 5, 2020 / Updated: December 16, 2020
Vulnerability identifier: #VU49026
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-3120
CWE-ID: CWE-190
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Cisco FXOS
Cisco IOS XR
Cisco NX-OS
Cisco MDS 9000 Series Multilayer Switches
Cisco IOS XRv 9000 Router
Cisco ASR 9000 Series Aggregation Services Routers
Cisco Network Convergence System 6000 Series Routers
Network Convergence System 5500 Series
Cisco Network Convergence System 5000 Series
Cisco Network Convergence System 560 Series Routers
Cisco Network Convergence System 540 Series Routers
Cisco Nexus 9000 Series Switches NX-OS Mode
Cisco Nexus 9000 Series Switches in ACI Mode
Cisco Nexus 7000 Series Switches
Cisco Nexus 6000 Series Switches
Nexus 5600 Platform Switches
Nexus 5500 Platform Switches
Cisco Nexus 3000 Series Switches
Nexus 1000V Switch for VMware vSphere
Nexus 1000V Switch for Microsoft Hyper-V
UCS 6400 Series Fabric Interconnects
UCS 6300 Series Fabric Interconnects
UCS 6200 Series Fabric Interconnects
Cisco Firepower 9300 Security Appliance
Cisco Firepower 4100 Series Next-Generation Firewall
Cisco Carrier Routing System
Cisco Network Convergence System 1000 Series
Nexus 1000 Virtual Edge for VMware vSphere
Cisco FXOS
Cisco IOS XR
Cisco NX-OS
Cisco MDS 9000 Series Multilayer Switches
Cisco IOS XRv 9000 Router
Cisco ASR 9000 Series Aggregation Services Routers
Cisco Network Convergence System 6000 Series Routers
Network Convergence System 5500 Series
Cisco Network Convergence System 5000 Series
Cisco Network Convergence System 560 Series Routers
Cisco Network Convergence System 540 Series Routers
Cisco Nexus 9000 Series Switches NX-OS Mode
Cisco Nexus 9000 Series Switches in ACI Mode
Cisco Nexus 7000 Series Switches
Cisco Nexus 6000 Series Switches
Nexus 5600 Platform Switches
Nexus 5500 Platform Switches
Cisco Nexus 3000 Series Switches
Nexus 1000V Switch for VMware vSphere
Nexus 1000V Switch for Microsoft Hyper-V
UCS 6400 Series Fabric Interconnects
UCS 6300 Series Fabric Interconnects
UCS 6200 Series Fabric Interconnects
Cisco Firepower 9300 Security Appliance
Cisco Firepower 4100 Series Next-Generation Firewall
Cisco Carrier Routing System
Cisco Network Convergence System 1000 Series
Nexus 1000 Virtual Edge for VMware vSphere
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in the Cisco Discovery Protocol implementation. A remote attacker on the local network can send a specially crafted Cisco Discovery Protocol packet, trigger integer overflow and cause a denial of service condition on the target system.
Remediation
Install updates from vendor's website.