CVE-2020-3527
8.6
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 4.0
Source: NVD
Description
A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames or frames larger than the configured MTU size to the management interface of this device. A successful exploit could allow the attacker to crash the device fully before an automatic recovery.
Affected (2)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 16.12.0 to 16.12.3 |
| Running on/with | Platform Versions |
|---|---|
Cisco Catalyst C9200l 24p 4g | All versions |
Cisco Catalyst C9200l 24p 4x | All versions |
Cisco Catalyst C9200l 24pxg 2y | All versions |
Cisco Catalyst C9200l 24pxg 4x | All versions |
Cisco Catalyst C9200l 24t 4g | All versions |
Cisco Catalyst C9200l 24t 4x | All versions |
Cisco Catalyst C9200l 48p 4g | All versions |
Cisco Catalyst C9200l 48p 4x | All versions |
Cisco Catalyst C9200l 48pxg 2y | All versions |
Cisco Catalyst C9200l 48pxg 4x | All versions |
Cisco Catalyst C9200l 48t 4g | All versions |
Cisco Catalyst C9200l 48t 4x | All versions |
Related CWEs
CWE-20
Improper Input Validation
The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly.
CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.