Cisco NX-OS Software NX-API Denial of Service Vulnerability
CVE-2020-3170

5.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Nx-os Software 7.3(2)d1(1d)
Vendor: CVE Published:; 26 February 2020

Badges

👾 Exploit Exists

Summary

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the Cisco NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default.

Affected Version(s)

Cisco NX-OS Software 7.3(2)D1(1d) < unspecified

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Feb 26, 2020
Vulnerability Reserved
Dec 12, 2019