CVE-2024-20267

29.02.2024, 01:43

A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload.

This vulnerability is due to lack of proper error checking when processing an ingress MPLS frame. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that is encapsulated within an MPLS frame to an MPLS-enabled interface of the targeted device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition.

Note: The IPv6 packet can be generated multiple hops away from the targeted device and then encapsulated within MPLS. The DoS condition may occur when the NX-OS device processes the packet.

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
cisco	CNA	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 71%

Vendor	Product	Version
cisco	nx-os	6.0\(2\)a3\(1\)
cisco	nx-os	6.0\(2\)a3\(2\)
cisco	nx-os	6.0\(2\)a3\(4\)
cisco	nx-os	6.0\(2\)a4\(1\)
cisco	nx-os	6.0\(2\)a4\(2\)
cisco	nx-os	6.0\(2\)a4\(3\)
cisco	nx-os	6.0\(2\)a4\(4\)
cisco	nx-os	6.0\(2\)a4\(5\)
cisco	nx-os	6.0\(2\)a4\(6\)
cisco	nx-os	6.0\(2\)a6\(1\)
cisco	nx-os	6.0\(2\)a6\(1a\)
cisco	nx-os	6.0\(2\)a6\(2\)
cisco	nx-os	6.0\(2\)a6\(2a\)
cisco	nx-os	6.0\(2\)a6\(3\)
cisco	nx-os	6.0\(2\)a6\(3a\)
cisco	nx-os	6.0\(2\)a6\(4\)
cisco	nx-os	6.0\(2\)a6\(4a\)
cisco	nx-os	6.0\(2\)a6\(5\)
cisco	nx-os	6.0\(2\)a6\(5a\)
cisco	nx-os	6.0\(2\)a6\(5b\)
cisco	nx-os	6.0\(2\)a6\(6\)
cisco	nx-os	6.0\(2\)a6\(7\)
cisco	nx-os	6.0\(2\)a6\(8\)
cisco	nx-os	6.0\(2\)a7\(1\)
cisco	nx-os	6.0\(2\)a7\(1a\)
cisco	nx-os	6.0\(2\)a7\(2\)
cisco	nx-os	6.0\(2\)a7\(2a\)
cisco	nx-os	6.0\(2\)a8\(1\)
cisco	nx-os	6.0\(2\)a8\(2\)
cisco	nx-os	6.0\(2\)a8\(3\)
cisco	nx-os	6.0\(2\)a8\(4\)
cisco	nx-os	6.0\(2\)a8\(4a\)
cisco	nx-os	6.0\(2\)a8\(5\)
cisco	nx-os	6.0\(2\)a8\(6\)
cisco	nx-os	6.0\(2\)a8\(7\)
cisco	nx-os	6.0\(2\)a8\(7a\)
cisco	nx-os	6.0\(2\)a8\(7b\)
cisco	nx-os	6.0\(2\)a8\(8\)
cisco	nx-os	6.0\(2\)a8\(9\)
cisco	nx-os	6.0\(2\)a8\(10\)
cisco	nx-os	6.0\(2\)a8\(10a\)
cisco	nx-os	6.0\(2\)a8\(11\)
cisco	nx-os	6.0\(2\)a8\(11a\)
cisco	nx-os	6.0\(2\)a8\(11b\)
cisco	nx-os	6.0\(2\)u2\(1\)
cisco	nx-os	6.0\(2\)u2\(2\)
cisco	nx-os	6.0\(2\)u2\(3\)
cisco	nx-os	6.0\(2\)u2\(4\)
cisco	nx-os	6.0\(2\)u2\(5\)
cisco	nx-os	6.0\(2\)u2\(6\)
cisco	nx-os	6.0\(2\)u3\(1\)
cisco	nx-os	6.0\(2\)u3\(2\)
cisco	nx-os	6.0\(2\)u3\(3\)
cisco	nx-os	6.0\(2\)u3\(4\)
cisco	nx-os	6.0\(2\)u3\(5\)
cisco	nx-os	6.0\(2\)u3\(6\)
cisco	nx-os	6.0\(2\)u3\(7\)
cisco	nx-os	6.0\(2\)u3\(8\)
cisco	nx-os	6.0\(2\)u3\(9\)
cisco	nx-os	6.0\(2\)u4\(1\)
cisco	nx-os	6.0\(2\)u4\(2\)
cisco	nx-os	6.0\(2\)u4\(3\)
cisco	nx-os	6.0\(2\)u4\(4\)
cisco	nx-os	6.0\(2\)u5\(1\)
cisco	nx-os	6.0\(2\)u5\(2\)
cisco	nx-os	6.0\(2\)u5\(3\)
cisco	nx-os	6.0\(2\)u5\(4\)
cisco	nx-os	6.0\(2\)u6\(1\)
cisco	nx-os	6.0\(2\)u6\(1a\)
cisco	nx-os	6.0\(2\)u6\(2\)
cisco	nx-os	6.0\(2\)u6\(2a\)
cisco	nx-os	6.0\(2\)u6\(3\)
cisco	nx-os	6.0\(2\)u6\(3a\)
cisco	nx-os	6.0\(2\)u6\(4\)
cisco	nx-os	6.0\(2\)u6\(4a\)
cisco	nx-os	6.0\(2\)u6\(5\)
cisco	nx-os	6.0\(2\)u6\(5a\)
cisco	nx-os	6.0\(2\)u6\(5b\)
cisco	nx-os	6.0\(2\)u6\(5c\)
cisco	nx-os	6.0\(2\)u6\(6\)
cisco	nx-os	6.0\(2\)u6\(7\)
cisco	nx-os	6.0\(2\)u6\(8\)
cisco	nx-os	6.0\(2\)u6\(9\)
cisco	nx-os	6.0\(2\)u6\(10\)
cisco	nx-os	6.2\(2\)
cisco	nx-os	6.2\(2a\)
cisco	nx-os	6.2\(6\)
cisco	nx-os	6.2\(6a\)
cisco	nx-os	6.2\(6b\)
cisco	nx-os	6.2\(8\)
cisco	nx-os	6.2\(8a\)
cisco	nx-os	6.2\(8b\)
cisco	nx-os	6.2\(10\)
cisco	nx-os	6.2\(12\)
cisco	nx-os	6.2\(14\)
cisco	nx-os	6.2\(16\)
cisco	nx-os	6.2\(18\)
cisco	nx-os	6.2\(20\)
cisco	nx-os	6.2\(20a\)
cisco	nx-os	6.2\(22\)
cisco	nx-os	6.2\(24\)
cisco	nx-os	6.2\(24a\)
cisco	nx-os	7.0\(3\)f1\(1\)
cisco	nx-os	7.0\(3\)f2\(1\)
cisco	nx-os	7.0\(3\)f2\(2\)
cisco	nx-os	7.0\(3\)f3\(1\)
cisco	nx-os	7.0\(3\)f3\(2\)
cisco	nx-os	7.0\(3\)f3\(3\)
cisco	nx-os	7.0\(3\)f3\(3a\)
cisco	nx-os	7.0\(3\)f3\(3c\)
cisco	nx-os	7.0\(3\)f3\(4\)
cisco	nx-os	7.0\(3\)f3\(5\)
cisco	nx-os	7.0\(3\)i2\(1\)
cisco	nx-os	7.0\(3\)i2\(1a\)
cisco	nx-os	7.0\(3\)i2\(2\)
cisco	nx-os	7.0\(3\)i2\(2a\)
cisco	nx-os	7.0\(3\)i2\(2b\)
cisco	nx-os	7.0\(3\)i2\(2c\)
cisco	nx-os	7.0\(3\)i2\(2d\)
cisco	nx-os	7.0\(3\)i2\(2e\)
cisco	nx-os	7.0\(3\)i2\(3\)
cisco	nx-os	7.0\(3\)i2\(4\)
cisco	nx-os	7.0\(3\)i2\(5\)
cisco	nx-os	7.0\(3\)i3\(1\)
cisco	nx-os	7.0\(3\)i4\(1\)
cisco	nx-os	7.0\(3\)i4\(2\)
cisco	nx-os	7.0\(3\)i4\(3\)
cisco	nx-os	7.0\(3\)i4\(4\)
cisco	nx-os	7.0\(3\)i4\(5\)
cisco	nx-os	7.0\(3\)i4\(6\)
cisco	nx-os	7.0\(3\)i4\(7\)
cisco	nx-os	7.0\(3\)i4\(8\)
cisco	nx-os	7.0\(3\)i4\(8a\)
cisco	nx-os	7.0\(3\)i4\(8b\)
cisco	nx-os	7.0\(3\)i4\(8z\)
cisco	nx-os	7.0\(3\)i4\(9\)
cisco	nx-os	7.0\(3\)i5\(1\)
cisco	nx-os	7.0\(3\)i5\(2\)
cisco	nx-os	7.0\(3\)i6\(1\)
cisco	nx-os	7.0\(3\)i6\(2\)
cisco	nx-os	7.0\(3\)i7\(1\)
cisco	nx-os	7.0\(3\)i7\(2\)
cisco	nx-os	7.0\(3\)i7\(3\)
cisco	nx-os	7.0\(3\)i7\(4\)
cisco	nx-os	7.0\(3\)i7\(5\)
cisco	nx-os	7.0\(3\)i7\(5a\)
cisco	nx-os	7.0\(3\)i7\(6\)
cisco	nx-os	7.0\(3\)i7\(7\)
cisco	nx-os	7.0\(3\)i7\(8\)
cisco	nx-os	7.0\(3\)i7\(9\)
cisco	nx-os	7.0\(3\)i7\(10\)
cisco	nx-os	7.1\(0\)n1\(1\)
cisco	nx-os	7.1\(0\)n1\(1a\)
cisco	nx-os	7.1\(0\)n1\(1b\)
cisco	nx-os	7.1\(1\)n1\(1\)
cisco	nx-os	7.1\(2\)n1\(1\)
cisco	nx-os	7.1\(3\)n1\(1\)
cisco	nx-os	7.1\(3\)n1\(2\)
cisco	nx-os	7.1\(4\)n1\(1\)
cisco	nx-os	7.1\(5\)n1\(1\)
cisco	nx-os	7.1\(5\)n1\(1b\)
cisco	nx-os	7.2\(0\)d1\(1\)
cisco	nx-os	7.2\(1\)d1\(1\)
cisco	nx-os	7.2\(2\)d1\(1\)
cisco	nx-os	7.2\(2\)d1\(2\)
cisco	nx-os	7.3\(0\)d1\(1\)
cisco	nx-os	7.3\(0\)dx\(1\)
cisco	nx-os	7.3\(0\)n1\(1\)
cisco	nx-os	9.2\(1\)
cisco	nx-os	9.2\(2\)
cisco	nx-os	9.2\(2t\)
cisco	nx-os	9.2\(2v\)
cisco	nx-os	9.2\(3\)
cisco	nx-os	9.2\(4\)
cisco	nx-os	9.3\(1\)
cisco	nx-os	9.3\(2\)
cisco	nx-os	9.3\(3\)
cisco	nx-os	9.3\(4\)
cisco	nx-os	9.3\(5\)
cisco	nx-os	9.3\(6\)
cisco	nx-os	9.3\(7\)
cisco	nx-os	9.3\(7a\)
cisco	nx-os	9.3\(8\)
cisco	nx-os	9.3\(9\)
cisco	nx-os	9.3\(10\)
cisco	nx-os	9.3\(11\)
cisco	nx-os	9.3\(12\)
cisco	nx-os	10.1\(1\)
cisco	nx-os	10.1\(2\)
cisco	nx-os	10.1\(2t\)
cisco	nx-os	10.2\(1\)
cisco	nx-os	10.2\(1q\)
cisco	nx-os	10.2\(2\)
cisco	nx-os	10.2\(3\)
cisco	nx-os	10.2\(3t\)
cisco	nx-os	10.2\(3v\)
cisco	nx-os	10.2\(4\)
cisco	nx-os	10.2\(5\)
cisco	nx-os	10.2\(6\)
cisco	nx-os	10.3\(1\)
cisco	nx-os	10.3\(2\)
cisco	nx-os	10.3\(3\)
cisco	nx-os	10.3\(99w\)
cisco	nx-os	10.3\(99x\)
cisco	nx-os	10.4\(1\)

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv6-mpls-dos-R9ycXkwM