CVE-2020-3120
05.02.2020, 18:15
A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Enginsight
| Vendor | Product | Version |
|---|---|---|
| cisco | firepower_extensible_operating_system | 𝑥 ≤ 2.3.1.173 |
| cisco | firepower_extensible_operating_system | 2.6 ≤ 𝑥 < 2.6.1.187 |
| cisco | firepower_extensible_operating_system | 2.7 ≤ 𝑥 < 2.7.1.106 |
| cisco | fxos | 2.4 |
| cisco | ios_xr | 5.2.5 |
| cisco | ios_xr | 6.4.2 |
| cisco | ios_xr | 6.5.3 |
| cisco | ios_xr | 6.6.25 |
| cisco | ios_xr | 7.0.1 |
| cisco | nx-os | 5.2 ≤ 𝑥 < 6.2\(29\) |
| cisco | nx-os | 7.3 ≤ 𝑥 < 8.4\(1a\) |
| cisco | nx-os | 5.2 ≤ 𝑥 < 5.2\(1\)sv5\(1.3\) |
| cisco | nx-os | 𝑥 ≤ 5.2 |
| cisco | nx-os | 𝑥 < 5.2\(1\)sv3\(4.1b\) |
| cisco | nx-os | 7.0\(3\)f2 ≤ 𝑥 < 9.3\(2\) |
| cisco | nx-os | 7.0\(3\)i ≤ 𝑥 < 7.0\(3\)i7\(8\) |
| cisco | nx-os | 𝑥 < 7.3\(6\)n1\(1\) |
| cisco | nx-os | 𝑥 < 6.2\(24\) |
| cisco | nx-os | 7.2 ≤ 𝑥 < 7.3\(5\)d1\(1\) |
| cisco | nx-os | 8.0 ≤ 𝑥 < 8.2\(5\) |
| cisco | nx-os | 8.3 ≤ 𝑥 < 8.4\(2\) |
| cisco | nx-os | 𝑥 < 13.2\(9b\) |
| cisco | nx-os | 14.0 ≤ 𝑥 < 14.2\(1j\) |
| cisco | ucs_manager | 𝑥 < 3.2\(3m\) |
| cisco | ucs_manager | 4.0 ≤ 𝑥 < 4.0\(4g\) |
𝑥
= Vulnerable software versions