CVE-2020-3517

CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

8.6HIGH

EPSS

1.5%

top 18.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Extensible Operating System Cisco Nx-os Cisco Cisco Nx-os Software

Timeline

PublishedAug 27

Latest updateMay 24

Description

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and could be remote or adjacent. For more information about the attack vector, see the Details section of this advisory. The vulnerability is due to insufficient error handling when the affected software p…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages3 packages

▶CVEListV5cisco/cisco_nx-os_softwaren/a

▶NVDcisco/nx-os4.0 — 4.0\(4i\)+285

▶NVDcisco/firepower_extensible_operating_system1.1 — 1.1.4.179+3

🔴Vulnerability Details

GHSA

GHSA-8cw5-4pj3-6hp9: A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to caus↗2022-05-24

▶

GHSA

Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12↗2021-05-17

▶

CVEList

Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability↗2020-08-27

▶

📋Vendor Advisories

Cisco

Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability↗2020-08-26

▶