Denial of Service Vulnerability in Cisco Nexus Dashboard Software
CVE-2023-20014

7.5HIGH

Key Information:

Vendor
Cisco
Status
Cisco Nexus Dashboard
Vendor
CVE Published:
1 March 2023

Summary

A vulnerability exists in the DNS functionality of Cisco Nexus Dashboard Software that could be exploited by an unauthenticated remote attacker. The issue arises from improper processing of DNS requests, enabling an attacker to send a continuous stream of DNS queries to the affected device. This exploitation could lead to a disruption of the coredns service, either causing it to stop functioning or forcing the device to reboot, resulting in a Denial of Service condition.

Affected Version(s)

Cisco Nexus Dashboard 1.1(0c)

Cisco Nexus Dashboard 1.1(0d)

Cisco Nexus Dashboard 1.1(2h)

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.