CVE-2023-20089 — Memory Allocation with Excessive Size Value in Cisco Nx-os System Software IN ACI Mode

CWE-789 — Memory Allocation with Excessive Size Value CWE-401 — Missing Release of Memory after Effective Lifetime4 documents4 sources

Severity

6.5MEDIUMNVD

CNA7.4

EPSS

0.4%

top 37.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nx-os System Software IN ACI Mode Cisco Nx-os

Timeline

PublishedFeb 23

Description

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device.…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_nx-os_system_software_in_aci_moden/a

▶NVDcisco/nx-os16 versions+15

🔴Vulnerability Details

GHSA

GHSA-qg8x-2gcc-v7rf: A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure↗2023-02-23

▶

CVEList

Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability↗2023-02-23

▶

📋Vendor Advisories

Cisco

Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability↗2023-02-22

▶