ID

VAR-202002-0700


CVE

CVE-2020-3172


TITLE

Cisco FXOS and NX-OS Input verification vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-002477

DESCRIPTION

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability. Cisco FXOS and NX-OS Software contain an input verification vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Cisco NX-OS Software and Cisco FXOS Software are both products of Cisco Corporation. Cisco NX-OS Software is a suite of data center-level operating system software for switches

Trust: 2.16

sources: NVD: CVE-2020-3172 // JVNDB: JVNDB-2020-002477 // CNVD: CNVD-2020-14813

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-14813

AFFECTED PRODUCTS

vendor: cisco, model: firepower extensible operating system, scope: gte, version: 2.7

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: lt, version: 2.7.1.106

Trust: 1.0

vendor: cisco, model: ucs manager, scope: lt, version: 4.0(4g)

Trust: 1.0

vendor: cisco, model: nx-os, scope: eq, version: 7.3(0)d1(0.140)

Trust: 1.0

vendor: cisco, model: ucs manager, scope: gte, version: 4.0

Trust: 1.0

vendor: cisco, model: nx-os, scope: eq, version: 7.3(5)n1(1)

Trust: 1.0

vendor: cisco, model: nx-os, scope: eq, version: 7.3(0)d1(0.146)

Trust: 1.0

vendor: cisco, model: nx-os, scope: eq, version: 13.2(7.230)

Trust: 1.0

vendor: cisco, model: nx-os, scope: eq, version: 14.2(1i)

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: lt, version: 2.6.1.187

Trust: 1.0

vendor: cisco, model: ucs manager, scope: lt, version: 3.2(3n)

Trust: 1.0

vendor: cisco, model: nx-os, scope: eq, version: 5.2(1)sv5(1.2)

Trust: 1.0

vendor: cisco, model: nx-os, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: nx-os, scope: eq, version: 7.0(3)i3(0.191)

Trust: 1.0

vendor: cisco, model: nx-os, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ucs manager, scope: -, version: -

Trust: 0.8

vendor: cisco, model: fx-os, scope: -, version: -

Trust: 0.8

vendor: cisco, model: nexus series switches, scope: eq, version: 3000

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 7000

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 6000

Trust: 0.6

vendor: cisco, model: firepower series, scope: eq, version: 4100

Trust: 0.6

vendor: cisco, model: nexus platform switches, scope: eq, version: 5600

Trust: 0.6

vendor: cisco, model: nexus platform switches, scope: eq, version: 5500

Trust: 0.6

vendor: cisco, model: nexus switch for vmware vsphere, scope: eq, version: 1000v

Trust: 0.6

vendor: cisco, model: mds series multilayer switches, scope: eq, version: 9000

Trust: 0.6

vendor: cisco, model: ucs series fabric interconnects, scope: eq, version: 6200

Trust: 0.6

vendor: cisco, model: ucs series fabric interconnects, scope: eq, version: 6300

Trust: 0.6

vendor: cisco, model: firepower security appliances, scope: eq, version: 9300

Trust: 0.6

vendor: cisco, model: nexus virtual edge for vmware vsphere, scope: eq, version: 1000

Trust: 0.6

vendor: cisco, model: nexus switch for microsoft hyper-v, scope: eq, version: 1000v

Trust: 0.6

vendor: cisco, model: nexus series fabric switches in application centric infrastructure mode, scope: eq, version: 9000

Trust: 0.6

vendor: cisco, model: nexus series switches in standalone nx-os mode, scope: eq, version: 9000

Trust: 0.6

vendor: cisco, model: firepower 9300, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: fxos, scope: eq, version: 2.0

Trust: 0.6

vendor: cisco, model: fxos, scope: eq, version: 2.0.1.201

Trust: 0.6

vendor: cisco, model: ucs manager, scope: eq, version: 4.0

Trust: 0.6

vendor: cisco, model: firepower 4150, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: ucs manager, scope: eq, version: 3.2

Trust: 0.6

vendor: cisco, model: fxos, scope: eq, version: 2.2.2.54

Trust: 0.6

vendor: cisco, model: fxos, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: ucs manager, scope: eq, version: 3.23m

Trust: 0.6

vendor: cisco, model: fxos, scope: eq, version: 2.2

Trust: 0.6

sources: CNVD: CNVD-2020-14813 // JVNDB: JVNDB-2020-002477 // CNNVD: CNNVD-202002-1240 // NVD: CVE-2020-3172

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3172
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3172
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002477
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-14813
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202002-1240
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-3172
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002477
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-14813
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-3172
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3172
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-002477
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-14813 // JVNDB: JVNDB-2020-002477 // CNNVD: CNNVD-202002-1240 // NVD: CVE-2020-3172 // NVD: CVE-2020-3172

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-002477 // NVD: CVE-2020-3172

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202002-1240

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202002-1240

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002477

PATCH

title: cisco-sa-20200226-fxos-nxos-cdp, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-nxos-cdp

Trust: 0.8

title: Patch for Cisco NX-OS Software and Cisco FXOS Software Input Validation Error Vulnerability (CNVD-2020-14813), url: https://www.cnvd.org.cn/patchInfo/show/206219

Trust: 0.6

title: Fix for the Cisco NX-OS Software and Cisco FXOS Software input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110605

Trust: 0.6

sources: CNVD: CNVD-2020-14813 // JVNDB: JVNDB-2020-002477 // CNNVD: CNNVD-202002-1240

EXTERNAL IDS

db: NVD, id: CVE-2020-3172

Trust: 3.0

db: JVNDB, id: JVNDB-2020-002477

Trust: 0.8

db: CNVD, id: CNVD-2020-14813

Trust: 0.6

db: AUSCERT, id: ESB-2020.0708

Trust: 0.6

db: NSFOCUS, id: 46034

Trust: 0.6

db: CNNVD, id: CNNVD-202002-1240

Trust: 0.6

sources: CNVD: CNVD-2020-14813 // JVNDB: JVNDB-2020-002477 // CNNVD: CNNVD-202002-1240 // NVD: CVE-2020-3172

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-3172

Trust: 2.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200226-fxos-nxos-cdp

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3172

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0708/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-nx-os-code-execution-via-cisco-discovery-protocol-31682

Trust: 0.6

url:http://www.nsfocus.net/vulndb/46034

Trust: 0.6

sources: CNVD: CNVD-2020-14813 // JVNDB: JVNDB-2020-002477 // CNNVD: CNNVD-202002-1240 // NVD: CVE-2020-3172

SOURCES

db: CNVD, id: CNVD-2020-14813
db: JVNDB, id: JVNDB-2020-002477
db: CNNVD, id: CNNVD-202002-1240
db: NVD, id: CVE-2020-3172

LAST UPDATE DATE

2024-08-14T13:54:52.372000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-14813, date: 2020-03-02T00:00:00
db: JVNDB, id: JVNDB-2020-002477, date: 2020-03-17T00:00:00
db: CNNVD, id: CNNVD-202002-1240, date: 2020-03-13T00:00:00
db: NVD, id: CVE-2020-3172, date: 2023-04-20T15:27:48.130

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-14813, date: 2020-03-02T00:00:00
db: JVNDB, id: JVNDB-2020-002477, date: 2020-03-17T00:00:00
db: CNNVD, id: CNNVD-202002-1240, date: 2020-02-26T00:00:00
db: NVD, id: CVE-2020-3172, date: 2020-02-26T17:15:13.343