CVE-2023-20169
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
23/08/2023
Last modified:
25/01/2024
Description
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.<br />
<br />
This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device.
Impact
Base Score 3.x
7.40
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:nx-os:10.3\(2\):*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_3232:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page