CVE-2020-3174 - OpenCVE

A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. The ARP entries are for nonlocal IP addresses for the subnet. The vulnerability is due to improper validation of a received gratuitous ARP (GARP) request. An attacker could exploit this vulnerability by sending a malicious GARP packet on the local subnet to cause the ARP table on the device to become corrupted. A successful exploit could allow the attacker to populate the ARP table with incorrect entries, which could lead to traffic disruptions.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Mds 9132t Mds 9148s Mds 9148t Mds 9216 Mds 9216a Mds 9216i Mds 9222i Mds 9506 Mds 9509 Mds 9513 Mds 9706 Mds 9710 Mds 9718 Nexus 3016 Nexus 3048 Nexus 3064 Nexus 3064-t Nexus 31108pc-v Nexus 31108tc-v Nexus 31128pq Nexus 3132c-z Nexus 3132q Nexus 3132q-v Nexus 3132q-xl Nexus 3164q Nexus 3172 Nexus 3172pq-xl Nexus 3172tq Nexus 3172tq-32t Nexus 3172tq-xl Nexus 3232c Nexus 3264c-e Nexus 3264q Nexus 3408-s Nexus 34180yc Nexus 3432d-s Nexus 3464c Nexus 3524 Nexus 3524-x Nexus 3524-xl Nexus 3548 Nexus 3548-x Nexus 3548-xl Nexus 36180yc-r Nexus 3636c-r Nexus 7000 Nexus 7700 Nexus 9000v Nexus 92160yc-x Nexus 92300yc Nexus 92304qc Nexus 92348gc-x Nexus 9236c Nexus 9272q Nexus 93108tc-ex Nexus 93108tc-fx Nexus 93120tx Nexus 93128tx Nexus 93180lc-ex Nexus 93180yc-ex Nexus 93180yc-fx Nexus 93216tc-fx2 Nexus 93240yc-fx2 Nexus 9332c Nexus 9332pq Nexus 93360yc-fx2 Nexus 9336c-fx2 Nexus 9336pq Aci Spine Nexus 9348gc-fxp Nexus 9364c Nexus 9372px Nexus 9372px-e Nexus 9372tx Nexus 9372tx-e Nexus 9396px Nexus 9396tx Nexus 9504 Nexus 9508 Nexus 9516 Nx-os

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:nx-os:8.1\(1\):::::::*
	cpe:2.3:o:cisco:nx-os:8.4\(1\):::::::*
	cpe:2.3:o:cisco:nx-os:9.3\(1\):::::::*

OR	cpe:2.3:h:cisco:mds_9132t:-:::::::*
	cpe:2.3:h:cisco:mds_9148s:-:::::::*
	cpe:2.3:h:cisco:mds_9148t:-:::::::*
	cpe:2.3:h:cisco:mds_9216:-:::::::*
	cpe:2.3:h:cisco:mds_9216a:-:::::::*
	cpe:2.3:h:cisco:mds_9216i:-:::::::*
	cpe:2.3:h:cisco:mds_9222i:-:::::::*
	cpe:2.3:h:cisco:mds_9506:-:::::::*
	cpe:2.3:h:cisco:mds_9509:-:::::::*
	cpe:2.3:h:cisco:mds_9513:-:::::::*
	cpe:2.3:h:cisco:mds_9706:-:::::::*
	cpe:2.3:h:cisco:mds_9710:-:::::::*
	cpe:2.3:h:cisco:mds_9718:-:::::::*
	cpe:2.3:h:cisco:nexus_3016:-:::::::*
	cpe:2.3:h:cisco:nexus_3048:-:::::::*
	cpe:2.3:h:cisco:nexus_3064:-:::::::*
	cpe:2.3:h:cisco:nexus_3064-t:-:::::::*
	cpe:2.3:h:cisco:nexus_31108pc-v:-:::::::*
	cpe:2.3:h:cisco:nexus_31108tc-v:-:::::::*
	cpe:2.3:h:cisco:nexus_31128pq:-:::::::*
	cpe:2.3:h:cisco:nexus_3132c-z:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q-v:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3164q:-:::::::*
	cpe:2.3:h:cisco:nexus_3172:-:::::::*
	cpe:2.3:h:cisco:nexus_3172pq-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3172tq:-:::::::*
	cpe:2.3:h:cisco:nexus_3172tq-32t:-:::::::*
	cpe:2.3:h:cisco:nexus_3172tq-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3232c_:-:::::::*
	cpe:2.3:h:cisco:nexus_3264c-e:-:::::::*
	cpe:2.3:h:cisco:nexus_3264q:-:::::::*
	cpe:2.3:h:cisco:nexus_3408-s:-:::::::*
	cpe:2.3:h:cisco:nexus_34180yc:-:::::::*
	cpe:2.3:h:cisco:nexus_3432d-s:-:::::::*
	cpe:2.3:h:cisco:nexus_3464c:-:::::::*
	cpe:2.3:h:cisco:nexus_3524:-:::::::*
	cpe:2.3:h:cisco:nexus_3524-x:-:::::::*
	cpe:2.3:h:cisco:nexus_3524-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3548:-:::::::*
	cpe:2.3:h:cisco:nexus_3548-x:-:::::::*
	cpe:2.3:h:cisco:nexus_3548-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_36180yc-r:-:::::::*
	cpe:2.3:h:cisco:nexus_3636c-r:-:::::::*
	cpe:2.3:h:cisco:nexus_7000:-:::::::*
	cpe:2.3:h:cisco:nexus_7700:-:::::::*
	cpe:2.3:h:cisco:nexus_9000v:-:::::::*
	cpe:2.3:h:cisco:nexus_92160yc-x:-:::::::*
	cpe:2.3:h:cisco:nexus_92300yc:-:::::::*
	cpe:2.3:h:cisco:nexus_92304qc:-:::::::*
	cpe:2.3:h:cisco:nexus_92348gc-x:-:::::::*
	cpe:2.3:h:cisco:nexus_9236c:-:::::::*
	cpe:2.3:h:cisco:nexus_9272q:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-fx:-:::::::*
	cpe:2.3:h:cisco:nexus_93120tx:-:::::::*
	cpe:2.3:h:cisco:nexus_93128tx:-:::::::*
	cpe:2.3:h:cisco:nexus_93180lc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_93180yc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_93180yc-fx:-:::::::*
	cpe:2.3:h:cisco:nexus_93216tc-fx2:-:::::::*
	cpe:2.3:h:cisco:nexus_93240yc-fx2:-:::::::*
	cpe:2.3:h:cisco:nexus_9332c:-:::::::*
cpe:2.3:h:cisco:nexus_9332pq:-:::::::*
cpe:2.3:h:cisco:nexus_93360yc-fx2:-:::::::*
cpe:2.3:h:cisco:nexus_9336c-fx2:-:::::::*
cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:::::::*
cpe:2.3:h:cisco:nexus_9348gc-fxp:-:::::::*
cpe:2.3:h:cisco:nexus_9364c:-:::::::*
cpe:2.3:h:cisco:nexus_9372px:-:::::::*
cpe:2.3:h:cisco:nexus_9372px-e:-:::::::*
cpe:2.3:h:cisco:nexus_9372tx:-:::::::*
cpe:2.3:h:cisco:nexus_9372tx-e:-:::::::*
cpe:2.3:h:cisco:nexus_9396px:-:::::::*
cpe:2.3:h:cisco:nexus_9396tx:-:::::::*
cpe:2.3:h:cisco:nexus_9504:-:::::::*
cpe:2.3:h:cisco:nexus_9508:-:::::::*
cpe:2.3:h:cisco:nexus_9516:-:::::::*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-arp

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2020-02-26T16:50:29.751893Z

Updated: 2024-09-17T03:12:36.587Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3174

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-02-26T17:15:13.563

Modified: 2020-03-03T20:46:38.923

Link: CVE-2020-3174

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object