ID

VAR-202002-0696


CVE

CVE-2020-3168


TITLE

Cisco Nexus 1000V Switch for VMware vSphere Resource Management Error Vulnerability

Trust: 1.4

sources: IVD: ed1a4456-290c-4461-8067-d9cdcde222fd // CNVD: CNVD-2020-14811 // CNNVD: CNNVD-202002-1238

DESCRIPTION

A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. An attacker could exploit this vulnerability by performing a large number of login attempts against the affected device. A successful exploit could cause the affected device to become inaccessible to other users, resulting in a denial of service (DoS) condition requiring a manual power cycle of the VSM to recover. The Cisco Nexus 1000V Switch for VMware vSphere contains a resource exhaustion vulnerability. It may be put into a denial of service (DoS) state. Supervisor is a process control system for Unix-like systems. This system is mainly used to monitor and control processes in Unix-like operating systems. The program failed to allocate resources correctly.

Trust: 2.34

sources: NVD: CVE-2020-3168 // JVNDB: JVNDB-2020-002476 // CNVD: CNVD-2020-14811 // IVD: ed1a4456-290c-4461-8067-d9cdcde222fd

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: ed1a4456-290c-4461-8067-d9cdcde222fd // CNVD: CNVD-2020-14811

AFFECTED PRODUCTS

vendor: cisco, model: nx-os, scope: eq, version: 5.2(1)sv3(4.1a)

Trust: 1.0

vendor: cisco, model: nx-os, scope: -, version: -

Trust: 0.8

vendor: cisco, model: nexus switch for vmware vsphere, scope: eq, version: 1000v

Trust: 0.6

vendor: nx os, model: 5.2 sv3, scope: -, version: -

Trust: 0.2

sources: IVD: ed1a4456-290c-4461-8067-d9cdcde222fd // CNVD: CNVD-2020-14811 // JVNDB: JVNDB-2020-002476 // NVD: CVE-2020-3168

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3168
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3168
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002476
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-14811
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202002-1238
value: HIGH

Trust: 0.6

IVD: ed1a4456-290c-4461-8067-d9cdcde222fd
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2020-3168
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002476
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-14811
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ed1a4456-290c-4461-8067-d9cdcde222fd
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2020-3168
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3168
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-002476
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: ed1a4456-290c-4461-8067-d9cdcde222fd // CNVD: CNVD-2020-14811 // JVNDB: JVNDB-2020-002476 // CNNVD: CNNVD-202002-1238 // NVD: CVE-2020-3168 // NVD: CVE-2020-3168

PROBLEMTYPE DATA

problemtype: CWE-400

Trust: 1.8

problemtype: CWE-399

Trust: 1.0

sources: JVNDB: JVNDB-2020-002476 // NVD: CVE-2020-3168

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-1238

TYPE

Resource management error

Trust: 0.8

sources: IVD: ed1a4456-290c-4461-8067-d9cdcde222fd // CNNVD: CNNVD-202002-1238

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002476

PATCH

title: cisco-sa-20200226-nexus-1000v-dos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nexus-1000v-dos

Trust: 0.8

title: Patch for Cisco Nexus 1000V Switch for VMware vSphere Resource Management Error Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/206233

Trust: 0.6

title: Cisco Nexus 1000V Switch for VMware vSphere Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110818

Trust: 0.6

sources: CNVD: CNVD-2020-14811 // JVNDB: JVNDB-2020-002476 // CNNVD: CNNVD-202002-1238

EXTERNAL IDS

db: NVD, id: CVE-2020-3168

Trust: 3.2

db: CNVD, id: CNVD-2020-14811

Trust: 0.8

db: CNNVD, id: CNNVD-202002-1238

Trust: 0.8

db: JVNDB, id: JVNDB-2020-002476

Trust: 0.8

db: AUSCERT, id: ESB-2020.0710

Trust: 0.6

db: NSFOCUS, id: 46036

Trust: 0.6

db: IVD, id: ED1A4456-290C-4461-8067-D9CDCDE222FD

Trust: 0.2

sources: IVD: ed1a4456-290c-4461-8067-d9cdcde222fd // CNVD: CNVD-2020-14811 // JVNDB: JVNDB-2020-002476 // CNNVD: CNNVD-202002-1238 // NVD: CVE-2020-3168

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-3168

Trust: 2.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200226-nexus-1000v-dos

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3168

Trust: 0.8

url:http://www.nsfocus.net/vulndb/46036

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-nexus-1000v-switch-for-vmware-vsphere-denial-of-service-via-vsm-secure-login-enhancements-31685

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0710/

Trust: 0.6

sources: CNVD: CNVD-2020-14811 // JVNDB: JVNDB-2020-002476 // CNNVD: CNNVD-202002-1238 // NVD: CVE-2020-3168

SOURCES

db: IVD, id: ed1a4456-290c-4461-8067-d9cdcde222fd
db: CNVD, id: CNVD-2020-14811
db: JVNDB, id: JVNDB-2020-002476
db: CNNVD, id: CNNVD-202002-1238
db: NVD, id: CVE-2020-3168

LAST UPDATE DATE

2024-08-14T14:44:59.853000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-14811, date: 2020-03-02T00:00:00
db: JVNDB, id: JVNDB-2020-002476, date: 2020-03-17T00:00:00
db: CNNVD, id: CNNVD-202002-1238, date: 2021-01-05T00:00:00
db: NVD, id: CVE-2020-3168, date: 2020-03-05T14:44:23.480

SOURCES RELEASE DATE

db: IVD, id: ed1a4456-290c-4461-8067-d9cdcde222fd, date: 2020-02-26T00:00:00
db: CNVD, id: CNVD-2020-14811, date: 2020-03-02T00:00:00
db: JVNDB, id: JVNDB-2020-002476, date: 2020-03-17T00:00:00
db: CNNVD, id: CNNVD-202002-1238, date: 2020-02-26T00:00:00
db: NVD, id: CVE-2020-3168, date: 2020-02-26T17:15:12.937