Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-20169 (GCVE-0-2023-20169)
Vulnerability from cvelistv5 – Published: 2023-08-23 18:19 – Updated: 2024-08-02 09:05
VLAI?
EPSS
Summary
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.
This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device.
Severity ?
7.4 (High)
CWE
- CWE-788 - Access of Memory Location After End of Buffer
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco NX-OS Software |
Affected:
10.3(2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco NX-OS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.3(2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.\r\n\r This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "Access of Memory Location After End of Buffer",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:49.042Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb"
}
],
"source": {
"advisory": "cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb",
"defects": [
"CSCwe11136"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20169",
"datePublished": "2023-08-23T18:19:45.317Z",
"dateReserved": "2022-10-27T18:47:50.362Z",
"dateUpdated": "2024-08-02T09:05:36.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20169
Vulnerability from fstec - Published: 23.08.2023
VLAI Severity ?
Title
Уязвимость реализации протокола маршрутизации промежуточной системы (IS-IS) операционной системы Cisco NX-OS для коммутаторов Cisco Nexus серии 3000 и 9000, позволяющая нарушителю выполнить перезагрузку устройства
Description
Уязвимость реализации протокола маршрутизации промежуточной системы (IS-IS) операционной системы Cisco NX-OS для коммутаторов Cisco Nexus серии 3000 и 9000 связана с ошибками при обработке входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить перезагрузку устройства путем отправки специально сформированных IS-IS-пакетов
Severity ?
Vendor
Cisco Systems Inc.
Software Name
NX-OS
Software Version
10.3(2) (NX-OS)
Possible Mitigations
Установка обновлений из доверенных источников.
В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.
Компенсирующие меры:
- ограничение возможности приёма пакетов IS-IS-протокола путем отключения автономного режима операционной системы NX-OS;
- использование средств межсетевого экранирования для ограничения возможности удаленного доступа к устройству;
- ограничение доступа из внешних сетей (Интернет);
- сегментирование сети с целью ограничения доступа к устройству из других подсетей.
Использование рекомендаций производителя:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb
Reference
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb
CWE
CWE-20
{
"CVSS 2.0": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10.3(2) (NX-OS)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u0438\u0451\u043c\u0430 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 IS-IS-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0430\u0432\u0442\u043e\u043d\u043e\u043c\u043d\u043e\u0433\u043e \u0440\u0435\u0436\u0438\u043c\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b NX-OS;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442);\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0441 \u0446\u0435\u043b\u044c\u044e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0438\u0437 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043e\u0434\u0441\u0435\u0442\u0435\u0439.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "23.08.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.08.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.08.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-04943",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-20169",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "NX-OS",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. NX-OS 10.3(2) Cisco Nexus 3000 Series, Cisco Systems Inc. NX-OS 10.3(2) Cisco Nexus 9000 Series Switches in standalone NX-OS mode",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u043c\u0435\u0436\u0443\u0442\u043e\u0447\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (IS-IS) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco NX-OS \u0434\u043b\u044f \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u043e\u0432 Cisco Nexus \u0441\u0435\u0440\u0438\u0438 3000 \u0438 9000, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u043c\u0435\u0436\u0443\u0442\u043e\u0447\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (IS-IS) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco NX-OS \u0434\u043b\u044f \u043a\u043e\u043c\u043c\u0443\u0442\u0430\u0442\u043e\u0440\u043e\u0432 Cisco Nexus \u0441\u0435\u0440\u0438\u0438 3000 \u0438 9000 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 IS-IS-\u043f\u0430\u043a\u0435\u0442\u043e\u0432",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,4)"
}
CERTFR-2023-AVI-0681
Vulnerability from certfr_avis - Published: 2023-08-24 - Updated: 2023-08-24
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | les commutateurs séries Nexus 3000 et 9000 versions 9.3(11), 10.2(5) et 10.3(2) sans le dernier correctif de sécurité | ||
| Cisco | N/A | Firepower 9300 Security Appliances sans le dernier correctif de sécurité | ||
| Cisco | N/A | UCS versions 4.2(x) antérieures à 4.2(3d) pour Cisco UCS 6324 Fabric Interconnects | ||
| Cisco | N/A | les séries Firepower 4100 sans le dernier correctif de sécurité | ||
| Cisco | N/A | UCS versions 4.2(x) antérieures à 4.2(3b) | ||
| Cisco | N/A | UCS versions antérieures à 4.1(3l) |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "les commutateurs s\u00e9ries Nexus 3000 et 9000 versions 9.3(11), 10.2(5) et 10.3(2) sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firepower 9300 Security Appliances sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS versions 4.2(x) ant\u00e9rieures \u00e0 4.2(3d) pour Cisco UCS 6324 Fabric Interconnects",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "les s\u00e9ries Firepower 4100 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS versions 4.2(x) ant\u00e9rieures \u00e0 4.2(3b)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS versions ant\u00e9rieures \u00e0 4.1(3l)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20168",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20168"
},
{
"name": "CVE-2023-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20169"
},
{
"name": "CVE-2023-20200",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20200"
}
],
"initial_release_date": "2023-08-24T00:00:00",
"last_revision_date": "2023-08-24T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0681",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb du 23 ao\u00fbt 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nxos-remoteauth-dos-XB6pv74m du 23 ao\u00fbt 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-remoteauth-dos-XB6pv74m"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO du 23 ao\u00fbt 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO"
}
]
}
GHSA-RJHJ-97M9-MFFQ
Vulnerability from github – Published: 2023-08-23 21:30 – Updated: 2023-12-22 15:30
VLAI?
Details
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.
This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device.
Severity ?
7.4 (High)
{
"affected": [],
"aliases": [
"CVE-2023-20169"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-23T19:15:07Z",
"severity": "HIGH"
},
"details": "A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.\n\n This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device.",
"id": "GHSA-rjhj-97m9-mffq",
"modified": "2023-12-22T15:30:27Z",
"published": "2023-08-23T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20169"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2023-20169
Vulnerability from fkie_nvd - Published: 2023-08-23 19:15 - Updated: 2024-11-21 07:40
Severity ?
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.
This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | nx-os | 10.3\(2\) | |
| cisco | nexus_3048 | - | |
| cisco | nexus_31108pc-v | - | |
| cisco | nexus_31108tc-v | - | |
| cisco | nexus_31128pq | - | |
| cisco | nexus_3132c-z | - | |
| cisco | nexus_3132q-v | - | |
| cisco | nexus_3132q-xl | - | |
| cisco | nexus_3164q | - | |
| cisco | nexus_3172pq | - | |
| cisco | nexus_3172pq-xl | - | |
| cisco | nexus_3172tq | - | |
| cisco | nexus_3172tq-32t | - | |
| cisco | nexus_3172tq-xl | - | |
| cisco | nexus_3232 | - | |
| cisco | nexus_3264c-e | - | |
| cisco | nexus_3264q | - | |
| cisco | nexus_3408-s | - | |
| cisco | nexus_34180yc | - | |
| cisco | nexus_34200yc-sm | - | |
| cisco | nexus_3432d-s | - | |
| cisco | nexus_3464c | - | |
| cisco | nexus_3524 | - | |
| cisco | nexus_3524-x | - | |
| cisco | nexus_3524-xl | - | |
| cisco | nexus_3548 | - | |
| cisco | nexus_3548-x | - | |
| cisco | nexus_3548-xl | - | |
| cisco | nexus_36180yc-r | - | |
| cisco | nexus_9232e | - | |
| cisco | nexus_92348gc-x | - | |
| cisco | nexus_9408 | - | |
| cisco | nexus_9504 | - | |
| cisco | nexus_9508 | - | |
| cisco | nexus_9516 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:10.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8CE0E36D-08A6-48D5-A364-AC066F30F3CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E930332-CDDD-48D5-93BC-C22D693BBFA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF4B8FE-E134-4491-B5C2-C1CFEB64731B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4226DA0-9371-401C-8247-E6E636A116C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7664666F-BCE4-4799-AEEA-3A73E6AD33F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3293438-3D18-45A2-B093-2C3F65783336",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F43B770-D96C-44EA-BC12-9F39FC4317B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CED628B5-97A8-4B26-AA40-BEC854982157",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB9DD73-E31D-4921-A6D6-E14E04703588",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4532F513-0543-4960-9877-01F23CA7BA1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B43502B-FD53-465A-B60F-6A359C6ACD99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3229124-B097-4AAC-8ACD-2F9C89DCC3AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C84D24C-2256-42AF-898A-221EBE9FE1E4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24FBE87B-8A4F-43A8-98A3-4A7D9C630937",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACD09AC-8B28-4ACB-967B-AB3D450BC137",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D397349-CCC6-479B-9273-FB1FFF4F34F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7286A7-780F-4A45-940A-4AD5C9D0F201",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA52D5C1-13D8-4D23-B022-954CCEF491F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF8D7-431B-43CE-840F-CC0817D159C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC204C8-1A5A-4E85-824E-DC9B8F6A802D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF5AF71-15DF-4151-A1CF-E138A7103FC8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10F80A72-AD54-4699-B8AE-82715F0B58E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9354B6A2-D7D6-442E-BF4C-FE8A336D9E94",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*",
"matchCriteriaId": "088C0323-683A-44F5-8D42-FF6EC85D080E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74CB4002-7636-4382-B33E-FBA060A13C34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10CEBF73-3EE0-459A-86C5-F8F6243FE27C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95D2C4C3-65CE-4612-A027-AF70CEFC3233",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83DA8BFA-D7A2-476C-A6F5-CAE610033BC2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "557ED31C-C26A-4FAE-8B14-D06B49F7F08B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D5D5E2-B40B-475D-9EF3-8441016E37E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "768BE390-5ED5-48A7-9E80-C4DE8BA979B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02DC82-0D26-436F-BA64-73C958932B0A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.\r\n\r This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device."
}
],
"id": "CVE-2023-20169",
"lastModified": "2024-11-21T07:40:44.107",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-23T19:15:07.893",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-788"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2023-20169
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.
This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-20169",
"id": "GSD-2023-20169"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-20169"
],
"details": "A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.\r\n\r This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device.",
"id": "GSD-2023-20169",
"modified": "2023-12-13T01:20:28.198842Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2023-20169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco NX-OS Software",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.3(2)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.\r\n\r This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-788",
"lang": "eng",
"value": "Access of Memory Location After End of Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb",
"refsource": "MISC",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb"
}
]
},
"source": {
"advisory": "cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb",
"defects": [
"CSCwe11136"
],
"discovery": "INTERNAL"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:10.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8CE0E36D-08A6-48D5-A364-AC066F30F3CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E930332-CDDD-48D5-93BC-C22D693BBFA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF4B8FE-E134-4491-B5C2-C1CFEB64731B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4226DA0-9371-401C-8247-E6E636A116C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7664666F-BCE4-4799-AEEA-3A73E6AD33F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3293438-3D18-45A2-B093-2C3F65783336",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F43B770-D96C-44EA-BC12-9F39FC4317B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CED628B5-97A8-4B26-AA40-BEC854982157",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB9DD73-E31D-4921-A6D6-E14E04703588",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4532F513-0543-4960-9877-01F23CA7BA1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B43502B-FD53-465A-B60F-6A359C6ACD99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3229124-B097-4AAC-8ACD-2F9C89DCC3AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C84D24C-2256-42AF-898A-221EBE9FE1E4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24FBE87B-8A4F-43A8-98A3-4A7D9C630937",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACD09AC-8B28-4ACB-967B-AB3D450BC137",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D397349-CCC6-479B-9273-FB1FFF4F34F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7286A7-780F-4A45-940A-4AD5C9D0F201",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_34200yc-sm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA52D5C1-13D8-4D23-B022-954CCEF491F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF8D7-431B-43CE-840F-CC0817D159C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC204C8-1A5A-4E85-824E-DC9B8F6A802D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF5AF71-15DF-4151-A1CF-E138A7103FC8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10F80A72-AD54-4699-B8AE-82715F0B58E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9354B6A2-D7D6-442E-BF4C-FE8A336D9E94",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*",
"matchCriteriaId": "088C0323-683A-44F5-8D42-FF6EC85D080E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74CB4002-7636-4382-B33E-FBA060A13C34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10CEBF73-3EE0-459A-86C5-F8F6243FE27C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95D2C4C3-65CE-4612-A027-AF70CEFC3233",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9232e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83DA8BFA-D7A2-476C-A6F5-CAE610033BC2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "557ED31C-C26A-4FAE-8B14-D06B49F7F08B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9408:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D5D5E2-B40B-475D-9EF3-8441016E37E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "768BE390-5ED5-48A7-9E80-C4DE8BA979B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02DC82-0D26-436F-BA64-73C958932B0A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.\r\n\r This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device."
}
],
"id": "CVE-2023-20169",
"lastModified": "2024-01-25T17:15:32.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
]
},
"published": "2023-08-23T19:15:07.893",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-788"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…