CVE-2020-3119Out-of-bounds Write in Cisco Unified Computing System

CWE-787Out-of-bounds Write4 documents4 sources
Severity
8.8HIGHNVD
EPSS
7.9%
top 7.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Unified Computing SystemCisco Nx-osCisco UCS Manager
Timeline
PublishedFeb 5
Latest updateMay 24

Description

A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. An successfu

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDcisco/nx-os7.0\(3\)f29.3\(2\)+4
NVDcisco/ucs_manager4.04.0\(4f\)+1
CVEListV5cisco/cisco_unified_computing_systemunspecified9.3(2)

🔴Vulnerability Details

2
GHSA
GHSA-wq2m-fgj4-27jc: A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute a2022-05-24
CVEList
Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability2020-02-05

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability2020-02-05
CVE-2020-3119 — Out-of-bounds Write in Cisco | cvebase