CVE-2020-3170: Cisco NX-OS Software NX-API Denial of Service Vulnerability
First published: Wed Feb 26 2020(Updated: )
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the Cisco NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco NX-OS | <8.4\(1\) | |
| Cisco MDS 9132T | ||
| Cisco MDS 9148S | ||
| Cisco MDS 9148T | ||
| Cisco MDS 9216 | ||
| Cisco MDS 9216 | ||
| Cisco MDS 9216 | ||
| Cisco MDS 9222i | ||
| Cisco MDS 9500 | ||
| Cisco MDS 9500 | ||
| Cisco MDS 9513 Firmware | ||
| Cisco MDS 9706 Firmware | ||
| Cisco MDS 9710 Firmware | ||
| Cisco MDS 9718 Firmware | ||
| Cisco NX-OS | <8.2\(5\) | |
| Cisco Nexus 7000 | ||
| Cisco Nexus 7700 series |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3170?
CVE-2020-3170 is a vulnerability in the NX-API feature of Cisco NX-OS Software that could allow an unauthenticated remote attacker to cause a system process to unexpectedly restart.
How severe is CVE-2020-3170?
CVE-2020-3170 has a severity value of 5.3, which is classified as medium.
How does CVE-2020-3170 affect Cisco NX-OS Software?
CVE-2020-3170 affects Cisco NX-OS Software versions up to 8.4(1).
What is the Common Vulnerabilities and Exposures (CVE) ID for this vulnerability?
The Common Vulnerabilities and Exposures (CVE) ID for this vulnerability is CVE-2020-3170.
How can I fix the vulnerability described in CVE-2020-3170?
To fix the vulnerability, it is recommended to upgrade Cisco NX-OS Software to a version above 8.4(1).
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco nx-os
- canonical/cisco mds 9132t
- canonical/cisco mds 9148s
- canonical/cisco mds 9148t
- canonical/cisco mds 9216
- canonical/cisco mds 9222i
- canonical/cisco mds 9500
- canonical/cisco mds 9513 firmware
- canonical/cisco mds 9706 firmware
- canonical/cisco mds 9710 firmware
- canonical/cisco mds 9718 firmware
- canonical/cisco nexus 7000
- canonical/cisco nexus 7700 series