Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2020-3120

Published: 05/02/2020 Updated: 20/04/2023
CVSS v2 Base Score: 6.1 | Impact Score: 6.9 | Exploitability Score: 6.5
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 543
Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent malicious user to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the malicious user to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco firepower extensible operating system

cisco fxos 2.4

cisco ios xr 5.2.5

cisco ios xr 6.4.2

cisco ios xr 6.5.3

cisco ios xr 6.6.25

cisco ios xr 7.0.1

cisco nx-os

cisco ucs manager

Vendor Advisories

Cisco: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability
A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition The vulnerability is due to a missing check when the affected software pr ...

Github Repositories

https://github.com/routetonull/opencheck

Get Cisco PSIRT OpenVuln for a provided platform/version and renders a markdown report.

OPENCHECK Get Cisco PSIRT OpenVuln for a provided platform/version and renders a markdown report Inspired by githubcom/NWMichl/openvuln Requirements: CISCO_API_KEY and CISCO_CLIENT_SECRET to access PSIRT API curl jq j2cli Env vars: export CISCO_API_KEY=myciscoapikey export CISCO_CLIENT_SECRET=mycisccolientsecret Or edit crede

References

CWE-190https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-doshttp://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.htmlhttps://nvd.nist.govhttps://github.com/routetonull/opencheckhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-doshttps://www.kb.cert.org/vuls/id/261385
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044client sideCVE-2021-47601deserializationCVE-2024-34994encryptionCVE-2021-47609CVE-2024-37079CVE-2024-38608
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook