cbcvebase.
CVE-2020-3496
published 2020-08-26

CVE-2020-3496: A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to…

medium5.3CVSS 3.1
AVNACLPRNUINSUCNINAL
A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the switch management CLI to stop responding, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.

Affected

116 ranges· showing 25
VendorProductVersion rangeFixed in
ciscocisco_small_business_250_series_smart_switches_software
ciscosf200-24_firmware<= 2.5.5.47
ciscosf200-24fp_firmware<= 2.5.5.47
ciscosf200-24p_firmware<= 2.5.5.47
ciscosf200-48_firmware<= 2.5.5.47
ciscosf200-48p_firmware<= 2.5.5.47
ciscosf250-24_firmware<= 2.5.5.47
ciscosf250-24p_firmware<= 2.5.5.47
ciscosf250-48_firmware<= 2.5.5.47
ciscosf250-48hp_firmware<= 2.5.5.47
ciscosf300-08_firmware<= 2.5.5.47
ciscosf300-24_firmware<= 2.5.5.47
ciscosf300-24mp_firmware<= 2.5.5.47
ciscosf300-24p_firmware<= 2.5.5.47
ciscosf300-24pp_firmware<= 2.5.5.47
ciscosf300-48_firmware<= 2.5.5.47
ciscosf300-48p_firmware<= 2.5.5.47
ciscosf300-48pp_firmware<= 2.5.5.47
ciscosf302-08_firmware<= 2.5.5.47
ciscosf302-08mp_firmware<= 2.5.5.47
ciscosf302-08mpp_firmware<= 2.5.5.47
ciscosf302-08p_firmware<= 2.5.5.47
ciscosf302-08pp_firmware<= 2.5.5.47
ciscosf350-48_firmware<= 2.5.5.47
ciscosf350-48mp_firmware<= 2.5.5.47