Vulnerability Details : CVE-2020-3338
A vulnerability in the Protocol Independent Multicast (PIM) feature for IPv6 networks (PIM6) of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper error handling when processing inbound PIM6 packets. An attacker could exploit this vulnerability by sending multiple crafted PIM6 packets to an affected device. A successful exploit could allow the attacker to cause the PIM6 application to leak system memory. Over time, this memory leak could cause the PIM6 application to stop processing legitimate PIM6 traffic, leading to a DoS condition on the affected device.
Vulnerability category: Denial of service
Products affected by CVE-2020-3338
- cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-3338
0.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-3338
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
Cisco Systems, Inc. | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2020-3338
-
The product does not release or incorrectly releases a resource before it is made available for re-use.Assigned by: ykramarz@cisco.com (Secondary)
-
The product does not handle or incorrectly handles an exceptional condition.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-3338
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-pim-memleak-dos-tC8eP7uw
Cisco NX-OS Software IPv6 Protocol Independent Multicast Denial of Service VulnerabilityVendor Advisory
Jump to