← Back

CVE-2020-3170

nvd nist
Published: Feb 26, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the Cisco NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default.

Affected (2)

Products: Cisco: Nx Os
Cisco
1 product
Nx Os
Configuration A
1 vulnerable · 13 platform
Vulnerable SoftwareAffected Versions
Nx Os
Before 8.4\(1\)
Running on/withPlatform Versions
Cisco
Mds 9132t
All versions
Cisco
Mds 9148s
All versions
Cisco
Mds 9148t
All versions
Cisco
Mds 9216
All versions
Cisco
Mds 9216a
All versions
Cisco
Mds 9216i
All versions
Cisco
Mds 9222i
All versions
Cisco
Mds 9506
All versions
Cisco
Mds 9509
All versions
Cisco
Mds 9513
All versions
Cisco
Mds 9706
All versions
Cisco
Mds 9710
All versions
Cisco
Mds 9718
All versions
Configuration B
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Nx Os
Before 8.2\(5\)
Running on/withPlatform Versions
Cisco
Nexus 7000
All versions
Cisco
Nexus 7700
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.