Denial of Service Vulnerability in Cisco Nexus 3000 and 9000 Series Switches
CVE-2023-20169

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco NX-OS Software
Vendor: CVE Published:; 23 August 2023

Summary

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software used by Cisco Nexus 3000 and 9000 Series Switches allows an unauthenticated, adjacent attacker to disrupt the IS-IS process. This vulnerability stems from insufficient input validation when processing incoming IS-IS packets. By sending specially crafted packets to an affected device, an attacker can force the IS-IS process to restart unexpectedly, leading to a potential denial of service condition and a complete reload of the affected device. Attackers must be Layer 2 adjacent to exploit this flaw, highlighting the importance of network segmentation and vigilant access control.

Affected Version(s)

Cisco NX-OS Software 10.3(2)

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 23, 2023
Vulnerability Reserved
Oct 27, 2022