cbcvebase.
CVE-2020-3120
published 2020-02-05

CVE-2020-3120: A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an…

medium6.5CVSS 3.1
AVAACLPRNUINSUCNINAH
A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Affected

27 ranges· showing 25
VendorProductVersion rangeFixed in
ciscocisco_ios_xr_software>= unspecified < 2.3.1.1732.3.1.173
ciscofirepower_extensible_operating_system<= 2.3.1.173
ciscofirepower_extensible_operating_system>= 2.6 < 2.6.1.1872.6.1.187
ciscofirepower_extensible_operating_system>= 2.7 < 2.7.1.1062.7.1.106
ciscofxos
ciscofxos_ios_xr_and_nx-os
ciscoios_xr
ciscoios_xr
ciscoios_xr
ciscoios_xr
ciscoios_xr
cisconx-os< 5.2\(1\)sv3\(4.1b\)5.2\(1\)sv3\(4.1b\)
cisconx-os< 7.3\(6\)n1\(1\)7.3\(6\)n1\(1\)
cisconx-os< 6.2\(24\)6.2\(24\)
cisconx-os< 13.2\(9b\)13.2\(9b\)
cisconx-os<= 5.2
cisconx-os>= 14.0 < 14.2\(1j\)14.2\(1j\)
cisconx-os>= 5.2 < 6.2\(29\)6.2\(29\)
cisconx-os>= 5.2 < 5.2\(1\)sv5\(1.3\)5.2\(1\)sv5\(1.3\)
cisconx-os>= 7.0\(3\)f2 < 9.3\(2\)9.3\(2\)
cisconx-os>= 7.0\(3\)i < 7.0\(3\)i7\(8\)7.0\(3\)i7\(8\)
cisconx-os>= 7.2 < 7.3\(5\)d1\(1\)7.3\(5\)d1\(1\)
cisconx-os>= 7.3 < 8.4\(1a\)8.4\(1a\)
cisconx-os>= 8.0 < 8.2\(5\)8.2\(5\)
cisconx-os>= 8.3 < 8.4\(2\)8.4\(2\)