Vulnerability Details : CVE-2020-3174
A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. The ARP entries are for nonlocal IP addresses for the subnet. The vulnerability is due to improper validation of a received gratuitous ARP (GARP) request. An attacker could exploit this vulnerability by sending a malicious GARP packet on the local subnet to cause the ARP table on the device to become corrupted. A successful exploit could allow the attacker to populate the ARP table with incorrect entries, which could lead to traffic disruptions.
Products affected by CVE-2020-3174
- cpe:2.3:o:cisco:nx-os:8.1\(1\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:9.3\(1\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:8.4\(1\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-3174
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-3174
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.3
|
LOW | AV:A/AC:L/Au:N/C:N/I:P/A:N |
6.5
|
2.9
|
NIST | |
|
4.7
|
MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N |
2.8
|
1.4
|
Cisco Systems, Inc. | |
|
4.7
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2020-3174
-
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2020-3174
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-arp
Cisco NX-OS Software Anycast Gateway Invalid ARP VulnerabilityVendor Advisory
Jump to