A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Exploitation of this vulnerability also requires jumbo frames to be enabled on the interface that receives the crafted Cisco Discovery Protocol packets on the affected device.
Metrics
No CVSS v4.0
Attack Vector Adjacent Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
User Interaction None
Attack Vector Adjacent Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
User Interaction None
Access Vector Adjacent Network
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
AV:A/AC:M/Au:N/C:C/I:C/A:C
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Cisco |
|
Configuration 1 [-]
AND |
|
Configuration 2 [-]
AND |
|
No data.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2020-08-27T15:40:23.899583Z
Updated: 2024-09-17T02:12:13.458Z
Reserved: 2019-12-12T00:00:00
Link: CVE-2020-3415
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-08-27T16:15:12.317
Modified: 2020-09-03T20:32:40.127
Link: CVE-2020-3415
Redhat
No data.