CVE-2020-3170

Published Feb 26, 2020

Last updated 5 years ago

Overview

Description: A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the Cisco NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default.
Source: ykramarz@cisco.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity: MEDIUM

CVSS 3.0

Type: Secondary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-20
ykramarz@cisco.com: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13555705-A800-43A9-9A74-CA3243B97ECB",
            "versionEndExcluding": "8.4\\(1\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:mds_9132t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "56426D35-FCFD-406E-9144-2E66C8C86EFC"
          },
          {
            "criteria": "cpe:2.3:h:cisco:mds_9148s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D25FA4A8-408B-4E94-B7D9-7DC54B61322F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:mds_9148t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "831B6D0F-A975-4CBA-B5BB-0AC4AD718FE8"
          },
          {
            "criteria": "cpe:2.3:h:cisco:mds_9216:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8A72BDC4-6640-45CC-A128-0CDEE38D3ADC"
          },
          {
            "criteria": "cpe:2.3:h:cisco:mds_9216a:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "90094569-AA2C-4D35-807F-9551FACE255F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:mds_9216i:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "306AFBC9-A236-4D03-A1EB-CE7E838D8415"
          },
          {
            "criteria": "cpe:2.3:h:cisco:mds_9222i:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "12DB1A25-A7C9-412F-88BC-E89588896395"
          },
          {
            "criteria": "cpe:2.3:h:cisco:mds_9506:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3925D2CF-9D7C-4498-8AF2-45E15D5D009F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:mds_9509:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C677D356-86C9-4491-A6CA-5E6306B2BB70"
          },
          {
            "criteria": "cpe:2.3:h:cisco:mds_9513:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "28A3C579-7AAD-41A4-947F-CCB9B09402A5"
          },
          {
            "criteria": "cpe:2.3:h:cisco:mds_9706:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5182CB50-4D32-4835-B1A8-817D989F919F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:mds_9710:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "36B3B617-7554-4C36-9B41-19AA3BD2F6E9"
          },
          {
            "criteria": "cpe:2.3:h:cisco:mds_9718:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B88879A9-A7F5-41E0-8A38-0E09E3FD27F4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF541F60-D6BE-4F6C-A66D-B606411CE6E9",
            "versionEndExcluding": "8.2\\(5\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References