CVE-2023-20169Access of Memory Location After End of Buffer in Cisco Nx-os Software

CWE-788Access of Memory Location After End of BufferCWE-20Improper Input Validation4 documents4 sources
Severity
7.4HIGHNVD
EPSS
0.1%
top 75.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nx-os SoftwareCisco Nx-os
Timeline
PublishedAug 23

Description

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerabilit

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages2 packages

CVEListV5cisco/cisco_nx-os_software10.3(2)
NVDcisco/nx-os10.3\(2\)

🔴Vulnerability Details

2
CVEList
CVE-2023-20169: A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches an2023-08-23
GHSA
GHSA-rjhj-97m9-mffq: A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches an2023-08-23

📋Vendor Advisories

1
Cisco
Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol Denial of Service Vulnerability2023-08-23
CVE-2023-20169 — Cisco Nx-os Software vulnerability | cvebase