CVE-2020-3165: Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass Vulnerability
First published: Wed Feb 26 2020(Updated: )
A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. The vulnerability occurs because the BGP MD5 authentication is bypassed if the peer does not have MD5 authentication configured, the NX-OS device does have BGP MD5 authentication configured, and the NX-OS BGP virtual routing and forwarding (VRF) name is configured to be greater than 19 characters. An attacker could exploit this vulnerability by attempting to establish a BGP session with the NX-OS peer. A successful exploit could allow the attacker to establish a BGP session with the NX-OS device without MD5 authentication. The Cisco implementation of the BGP protocol accepts incoming BGP traffic only from explicitly configured peers. To exploit this vulnerability, an attacker must send the malicious packets over a TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the affected system’s trusted network.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Nx-os | =9.2\(1\) | |
| Cisco Nx-os | =9.2\(2\) | |
| Cisco Nx-os | =9.2\(3\) | |
| Cisco Nx-os | =9.3\(1\) | |
| Cisco Nexus 3016 | ||
| Cisco Nexus 3048 | ||
| Cisco Nexus 3064 | ||
| Cisco Nexus 3064-t | ||
| Cisco Nexus 31108pc-v | ||
| Cisco Nexus 31108tc-v | ||
| Cisco Nexus 31128pq | ||
| Cisco Nexus 3132c-z | ||
| Cisco Nexus 3132q | ||
| Cisco Nexus 3132q-v | ||
| Cisco Nexus 3132q-xl | ||
| Cisco Nexus 3164q | ||
| Cisco Nexus 3172 | ||
| Cisco Nexus 3172pq-xl | ||
| Cisco Nexus 3172tq | ||
| Cisco Nexus 3172tq-32t | ||
| Cisco Nexus 3172tq-xl | ||
| Cisco Nexus 3232c | ||
| Cisco Nexus 3264c-e | ||
| Cisco Nexus 3264q | ||
| Cisco Nexus 3408-s | ||
| Cisco Nexus 34180yc | ||
| Cisco Nexus 3432d-s | ||
| Cisco Nexus 3464c | ||
| Cisco Nexus 3524 | ||
| Cisco Nexus 3524-x | ||
| Cisco Nexus 3524-xl | ||
| Cisco Nexus 3548 | ||
| Cisco Nexus 3548-x | ||
| Cisco Nexus 3548-xl | ||
| Cisco Nexus 36180yc-r | ||
| Cisco Nexus 3636c-r | ||
| Cisco Nexus 9000v | ||
| Cisco Nexus 92160yc-x | ||
| Cisco Nexus 92300yc | ||
| Cisco Nexus 92304qc | ||
| Cisco Nexus 92348gc-x | ||
| Cisco Nexus 9236c | ||
| Cisco Nexus 9272q | ||
| Cisco Nexus 93108tc-ex | ||
| Cisco Nexus 93108tc-fx | ||
| Cisco Nexus 93120tx | ||
| Cisco Nexus 93128tx | ||
| Cisco Nexus 93180lc-ex | ||
| Cisco Nexus 93180yc-ex | ||
| Cisco Nexus 93180yc-fx | ||
| Cisco Nexus 93216tc-fx2 | ||
| Cisco Nexus 93240yc-fx2 | ||
| Cisco Nexus 9332c | ||
| Cisco Nexus 9332pq | ||
| Cisco Nexus 93360yc-fx2 | ||
| Cisco Nexus 9336c-fx2 | ||
| Cisco Nexus 9336pq Aci Spine | ||
| Cisco Nexus 9348gc-fxp | ||
| Cisco Nexus 9364c | ||
| Cisco Nexus 9372px | ||
| Cisco Nexus 9372px-e | ||
| Cisco Nexus 9372tx | ||
| Cisco Nexus 9372tx-e | ||
| Cisco Nexus 9396px | ||
| Cisco Nexus 9396tx | ||
| Cisco Nexus 9504 | ||
| Cisco Nexus 9508 | ||
| Cisco Nexus 9516 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3165?
CVE-2020-3165 is a vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software.
How does CVE-2020-3165 affect Cisco NX-OS Software?
CVE-2020-3165 allows an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device.
What is the severity of CVE-2020-3165?
The severity of CVE-2020-3165 is high with a CVSS score of 8.2.
How can I fix CVE-2020-3165?
To fix CVE-2020-3165, it is recommended to upgrade to a fixed software release as mentioned in the Cisco Security Advisory.
Where can I find more information about CVE-2020-3165?
You can find more information about CVE-2020-3165 in the Cisco Security Advisory linked in the references.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco nx-os
- version/cisco nx-os/9.2\(1\)
- version/cisco nx-os/9.2\(2\)
- version/cisco nx-os/9.2\(3\)
- version/cisco nx-os/9.3\(1\)
- canonical/cisco nexus 3016
- canonical/cisco nexus 3048
- canonical/cisco nexus 3064
- canonical/cisco nexus 3064-t
- canonical/cisco nexus 31108pc-v
- canonical/cisco nexus 31108tc-v
- canonical/cisco nexus 31128pq
- canonical/cisco nexus 3132c-z
- canonical/cisco nexus 3132q
- canonical/cisco nexus 3132q-v
- canonical/cisco nexus 3132q-xl
- canonical/cisco nexus 3164q
- canonical/cisco nexus 3172
- canonical/cisco nexus 3172pq-xl
- canonical/cisco nexus 3172tq
- canonical/cisco nexus 3172tq-32t
- canonical/cisco nexus 3172tq-xl
- canonical/cisco nexus 3232c
- canonical/cisco nexus 3264c-e
- canonical/cisco nexus 3264q
- canonical/cisco nexus 3408-s
- canonical/cisco nexus 34180yc
- canonical/cisco nexus 3432d-s
- canonical/cisco nexus 3464c
- canonical/cisco nexus 3524
- canonical/cisco nexus 3524-x
- canonical/cisco nexus 3524-xl
- canonical/cisco nexus 3548
- canonical/cisco nexus 3548-x
- canonical/cisco nexus 3548-xl
- canonical/cisco nexus 36180yc-r
- canonical/cisco nexus 3636c-r
- canonical/cisco nexus 9000v
- canonical/cisco nexus 92160yc-x
- canonical/cisco nexus 92300yc
- canonical/cisco nexus 92304qc
- canonical/cisco nexus 92348gc-x
- canonical/cisco nexus 9236c
- canonical/cisco nexus 9272q
- canonical/cisco nexus 93108tc-ex
- canonical/cisco nexus 93108tc-fx
- canonical/cisco nexus 93120tx
- canonical/cisco nexus 93128tx
- canonical/cisco nexus 93180lc-ex
- canonical/cisco nexus 93180yc-ex
- canonical/cisco nexus 93180yc-fx
- canonical/cisco nexus 93216tc-fx2
- canonical/cisco nexus 93240yc-fx2
- canonical/cisco nexus 9332c
- canonical/cisco nexus 9332pq
- canonical/cisco nexus 93360yc-fx2
- canonical/cisco nexus 9336c-fx2
- canonical/cisco nexus 9336pq aci spine
- canonical/cisco nexus 9348gc-fxp
- canonical/cisco nexus 9364c
- canonical/cisco nexus 9372px
- canonical/cisco nexus 9372px-e
- canonical/cisco nexus 9372tx
- canonical/cisco nexus 9372tx-e
- canonical/cisco nexus 9396px
- canonical/cisco nexus 9396tx
- canonical/cisco nexus 9504
- canonical/cisco nexus 9508
- canonical/cisco nexus 9516