Details of VAR-202002-0703

ID

VAR-202002-0703

CVE

CVE-2020-3175

TITLE

Cisco MDS 9000 For Cisco NX-OS Software exhaustion vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-002447

DESCRIPTION

A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource usage control. An attacker could exploit this vulnerability by sending traffic to the management interface (mgmt0) of an affected device at very high rates. An exploit could allow the attacker to cause unexpected behaviors such as high CPU usage, process crashes, or even full system reboots of an affected device. Cisco MDS 9000 For Cisco NX-OS Software contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Cisco MDS 9000 Series Multilayer Switches is an MDS 9000 series multilayer switch from Cisco (USA). Cisco NX-OS Software is a suite of data center-level operating system software for switches

Trust: 2.25

sources: NVD: CVE-2020-3175 // JVNDB: JVNDB-2020-002447 // CNVD: CNVD-2020-14814 // VULMON: CVE-2020-3175

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-14814

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	6.2\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	mds series multilayer switches	scope:	eq	version:	9000	Trust: 0.6

sources: CNVD: CNVD-2020-14814 // JVNDB: JVNDB-2020-002447 // NVD: CVE-2020-3175

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3175
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3175
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-002447
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-14814
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202002-1241
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-3175
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-3175
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-002447
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-14814
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-3175
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3175
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-002447
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-14814 // VULMON: CVE-2020-3175 // JVNDB: JVNDB-2020-002447 // CNNVD: CNNVD-202002-1241 // NVD: CVE-2020-3175 // NVD: CVE-2020-3175

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.8
problemtype:	CWE-664	Trust: 1.0

sources: JVNDB: JVNDB-2020-002447 // NVD: CVE-2020-3175

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-1241

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202002-1241

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002447

PATCH

title:	cisco-sa-20200226-mds-ovrld-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-mds-ovrld-dos\	Trust: 0.8
title:	Patch for Cisco MDS 9000 Series Multilayer Switches NX-OS Software Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/206217	Trust: 0.6
title:	Cisco MDS 9000 Series Multilayer Switches NX-OS Software Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111078	Trust: 0.6
title:	Cisco: Cisco MDS 9000 Series Multilayer Switches Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20200226-mds-ovrld-dos	Trust: 0.1

sources: CNVD: CNVD-2020-14814 // VULMON: CVE-2020-3175 // JVNDB: JVNDB-2020-002447 // CNNVD: CNNVD-202002-1241

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3175	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-002447	Trust: 0.8
db:	CNVD	id:	CNVD-2020-14814	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0709	Trust: 0.6
db:	NSFOCUS	id:	46033	Trust: 0.6
db:	CNNVD	id:	CNNVD-202002-1241	Trust: 0.6
db:	VULMON	id:	CVE-2020-3175	Trust: 0.1

sources: CNVD: CNVD-2020-14814 // VULMON: CVE-2020-3175 // JVNDB: JVNDB-2020-002447 // CNNVD: CNNVD-202002-1241 // NVD: CVE-2020-3175

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-3175	Trust: 2.0
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20200226-mds-ovrld-dos	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3175	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.0709/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nx-os-firmware-used-by-ibm-c-type-san-directors-and-switches/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/46033	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-14814 // VULMON: CVE-2020-3175 // JVNDB: JVNDB-2020-002447 // CNNVD: CNNVD-202002-1241 // NVD: CVE-2020-3175

SOURCES

db:	CNVD	id:	CNVD-2020-14814
db:	VULMON	id:	CVE-2020-3175
db:	JVNDB	id:	JVNDB-2020-002447
db:	CNNVD	id:	CNNVD-202002-1241
db:	NVD	id:	CVE-2020-3175

LAST UPDATE DATE

2024-11-23T23:04:29.009000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-14814	date:	2020-03-02T00:00:00
db:	VULMON	id:	CVE-2020-3175	date:	2020-03-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-002447	date:	2020-03-16T00:00:00
db:	CNNVD	id:	CNNVD-202002-1241	date:	2020-04-15T00:00:00
db:	NVD	id:	CVE-2020-3175	date:	2024-11-21T05:30:29.070

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-14814	date:	2020-03-02T00:00:00
db:	VULMON	id:	CVE-2020-3175	date:	2020-02-26T00:00:00
db:	JVNDB	id:	JVNDB-2020-002447	date:	2020-03-16T00:00:00
db:	CNNVD	id:	CNNVD-202002-1241	date:	2020-02-26T00:00:00
db:	NVD	id:	CVE-2020-3175	date:	2020-02-26T17:15:13.657