What is the severity of CVE-2020-3172?

CVE-2020-3172 is rated as Critical, allowing unauthorized attackers to execute arbitrary code or cause denial of service.

How do I fix CVE-2020-3172?

To fix CVE-2020-3172, upgrade to the latest Cisco FXOS or NX-OS Software version as specified in the security advisory.

What devices are affected by CVE-2020-3172?

CVE-2020-3172 affects various Cisco FXOS and NX-OS devices, including the Firepower Extensible Operating System and multiple Cisco Nexus models.

Can CVE-2020-3172 be exploited remotely?

No, CVE-2020-3172 requires an adjacent attacker to exploit the vulnerability, meaning they need to be on the same local network.

Is there a workaround for CVE-2020-3172?

Currently, there are no specific workarounds for CVE-2020-3172 other than applying the recommended software updates.

Vulnerability/
CVE-2020-3172

high

8.8

CWE

20 119

26/2/2020

15/11/2024

CVE-2020-3172: Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability

First published: Wed Feb 26 2020(Updated: )

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Note: This vulnerability is different from the following Cisco FXOS and NX-OS Software Cisco Discovery Protocol vulnerabilities that Cisco announced on Feb. 5, 2020: Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability and Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Firepower Extensible Operating System	<2.6.1.187
Cisco Firepower Extensible Operating System	>=2.7<2.7.1.106
Cisco Firepower 4110 Next-Generation Firewall
Cisco Firepower 4115
Cisco Firepower 4120 Next-Generation Firewall
Cisco Firepower 4125 firmware
Cisco Firepower 4140 Next-Generation Firewall
Cisco Firepower 4145 firmware
Cisco Firepower 4150 Next-Generation Firewall
Cisco Firepower 9300 firmware
Cisco UCS Manager	<3.2\(3n\)
Cisco UCS Manager	>=4.0<4.0\(4g\)
Cisco UCS 6248UP
Cisco UCS 6296UP
Cisco UCS 6324 firmware
Cisco UCS 6332
Cisco UCS 6332-16UP
Cisco NX-OS
Cisco MDS 9132T
Cisco MDS 9148S
Cisco MDS 9148T
Cisco MDS 9216
Cisco MDS 9216
Cisco MDS 9216
Cisco MDS 9222i
Cisco MDS 9500
Cisco MDS 9500
Cisco MDS 9513 Firmware
Cisco MDS 9706 Firmware
Cisco MDS 9710 Firmware
Cisco MDS 9718 Firmware
Cisco NX-OS	=5.2\(1\)sv5\(1.2\)
Cisco NX-OS	=5.2\(1\)sv5\(1.2\)
Cisco Nexus 1000V for Hyper-V
Cisco Nexus 1000 Virtual Edge
Cisco Nexus 3016Q Firmware
Cisco Nexus 3048 Firmware
Cisco Nexus 3064 Firmware
Cisco Nexus 3064
Cisco Nexus 31108PC-V Firmware
Cisco Nexus 31108TC-V Firmware
Cisco Nexus 31128PQ
Cisco Nexus 3132C-Z Firmware
Cisco Nexus 3132Q-XL
Cisco Nexus 3132Q-V Firmware
Cisco Nexus 3132Q-XL Firmware
Cisco Nexus 3164Q Firmware
Cisco Nexus 3172 Firmware
Cisco Nexus 3172PQ-XL Firmware
Cisco Nexus 3172TQ Firmware
Cisco Nexus 3172TQ-XL
Cisco Nexus 3172TQ-XL Firmware
Cisco Nexus 3232C
Cisco Nexus 3264C-E Firmware
Cisco Nexus 3264Q Firmware
Cisco Nexus 3408-S Firmware
Cisco Nexus 34180YC Firmware
Cisco Nexus 3432D-S Firmware
Cisco Nexus 3464C Firmware
Cisco Nexus 3524-xl
Cisco Nexus 3524-xl
Cisco Nexus 3524-XL Firmware
Cisco Nexus 3548-X/XL Firmware
Cisco Nexus 3548-X/XL
Cisco Nexus 3548-X/XL
Cisco Nexus 36180YC-R Firmware
Cisco Nexus 3636C-R Firmware
Cisco NX-OS	=7.3\(5\)n1\(1\)
Cisco Nexus 5010
Cisco Nexus 5020
Cisco Nexus 5548P Firmware
Cisco Nexus 5548UP Firmware
Cisco Nexus 5596T Firmware
Cisco Nexus 5596UP Firmware
Cisco 56128p
Cisco Nexus 5624Q Firmware
Cisco Nexus 5648Q Firmware
Cisco Nexus 5672UP-16G
Cisco Nexus 5696Q Firmware
Cisco Nexus 6001 Firmware
Cisco Nexus 6004 Firmware
Cisco NX-OS	=7.3\(0\)d1\(0.140\)
Cisco NX-OS	=7.3\(0\)d1\(0.146\)
Cisco Nexus 7000
Cisco Nexus 7700 series
Cisco NX-OS	=7.0\(3\)i3\(0.191\)
Cisco NX-OS	=13.2\(7.230\)
Cisco NX-OS	=14.2\(1i\)
Cisco Nexus 92304QC Switch
Cisco Nexus 92348GC-X Switch
Cisco Nexus 9236C Switch
Cisco Nexus 9272Q Switch
Cisco Nexus
Cisco Nexus 93108TC-FX Switch
Cisco Nexus 93120TX Firmware
Cisco Nexus 93128 Firmware
Cisco Nexus 93180LC-EX Switch
Cisco Nexus 93180YC-EX-24
Cisco Nexus 93180YC-FX Firmware
Cisco Nexus 93216TC-FX2 Firmware
Cisco Nexus 93240YC-FX2 Firmware
Cisco Nexus 9332C Firmware
Cisco Nexus 9332PQ Firmware
Cisco Nexus 93360YC-FX2
Cisco Nexus 9336C-FX2 Firmware
Cisco Nexus N9336PQ-X
Cisco Nexus 9348GC-FXP Firmware
Cisco Nexus 9364c-h1
Cisco Nexus 9372PX-E
Cisco Nexus 9372PX-E Firmware
Cisco Nexus 9372TX
Cisco Nexus 9372TX-E Switch
Cisco Nexus 9396PX Firmware
Cisco Nexus 9396TX Firmware
Cisco Nexus 9504 firmware
Cisco Nexus 9508
Cisco Nexus 9516 firmware

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-nxos-cdp

Frequently Asked Questions

What is the severity of CVE-2020-3172?
CVE-2020-3172 is rated as Critical, allowing unauthorized attackers to execute arbitrary code or cause denial of service.
How do I fix CVE-2020-3172?
To fix CVE-2020-3172, upgrade to the latest Cisco FXOS or NX-OS Software version as specified in the security advisory.
What devices are affected by CVE-2020-3172?
CVE-2020-3172 affects various Cisco FXOS and NX-OS devices, including the Firepower Extensible Operating System and multiple Cisco Nexus models.
Can CVE-2020-3172 be exploited remotely?
No, CVE-2020-3172 requires an adjacent attacker to exploit the vulnerability, meaning they need to be on the same local network.
Is there a workaround for CVE-2020-3172?
Currently, there are no specific workarounds for CVE-2020-3172 other than applying the recommended software updates.

agent/weakness
agent/type
agent/author
agent/description
agent/references
agent/severity
agent/title
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco firepower extensible operating system
version/cisco firepower extensible operating system/2.7
canonical/cisco firepower 4110 next-generation firewall
canonical/cisco firepower 4115
canonical/cisco firepower 4120 next-generation firewall
canonical/cisco firepower 4125 firmware
canonical/cisco firepower 4140 next-generation firewall
canonical/cisco firepower 4145 firmware
canonical/cisco firepower 4150 next-generation firewall
canonical/cisco firepower 9300 firmware
canonical/cisco ucs manager
version/cisco ucs manager/4.0
canonical/cisco ucs 6248up
canonical/cisco ucs 6296up
canonical/cisco ucs 6324 firmware
canonical/cisco ucs 6332
canonical/cisco ucs 6332-16up
canonical/cisco nx-os
canonical/cisco mds 9132t
canonical/cisco mds 9148s
canonical/cisco mds 9148t
canonical/cisco mds 9216
canonical/cisco mds 9222i
canonical/cisco mds 9500
canonical/cisco mds 9513 firmware
canonical/cisco mds 9706 firmware
canonical/cisco mds 9710 firmware
canonical/cisco mds 9718 firmware
version/cisco nx-os/5.2\(1\)sv5\(1.2\)
canonical/cisco nexus 1000v for hyper-v
canonical/cisco nexus 1000 virtual edge
canonical/cisco nexus 3016q firmware
canonical/cisco nexus 3048 firmware
canonical/cisco nexus 3064 firmware
canonical/cisco nexus 3064
canonical/cisco nexus 31108pc-v firmware
canonical/cisco nexus 31108tc-v firmware
canonical/cisco nexus 31128pq
canonical/cisco nexus 3132c-z firmware
canonical/cisco nexus 3132q-xl
canonical/cisco nexus 3132q-v firmware
canonical/cisco nexus 3132q-xl firmware
canonical/cisco nexus 3164q firmware
canonical/cisco nexus 3172 firmware
canonical/cisco nexus 3172pq-xl firmware
canonical/cisco nexus 3172tq firmware
canonical/cisco nexus 3172tq-xl
canonical/cisco nexus 3172tq-xl firmware
canonical/cisco nexus 3232c
canonical/cisco nexus 3264c-e firmware
canonical/cisco nexus 3264q firmware
canonical/cisco nexus 3408-s firmware
canonical/cisco nexus 34180yc firmware
canonical/cisco nexus 3432d-s firmware
canonical/cisco nexus 3464c firmware
canonical/cisco nexus 3524-xl
canonical/cisco nexus 3524-xl firmware
canonical/cisco nexus 3548-x/xl firmware
canonical/cisco nexus 3548-x/xl
canonical/cisco nexus 36180yc-r firmware
canonical/cisco nexus 3636c-r firmware
version/cisco nx-os/7.3\(5\)n1\(1\)
canonical/cisco nexus 5010
canonical/cisco nexus 5020
canonical/cisco nexus 5548p firmware
canonical/cisco nexus 5548up firmware
canonical/cisco nexus 5596t firmware
canonical/cisco nexus 5596up firmware
canonical/cisco 56128p
canonical/cisco nexus 5624q firmware
canonical/cisco nexus 5648q firmware
canonical/cisco nexus 5672up-16g
canonical/cisco nexus 5696q firmware
canonical/cisco nexus 6001 firmware
canonical/cisco nexus 6004 firmware
version/cisco nx-os/7.3\(0\)d1\(0.140\)
version/cisco nx-os/7.3\(0\)d1\(0.146\)
canonical/cisco nexus 7000
canonical/cisco nexus 7700 series
version/cisco nx-os/7.0\(3\)i3\(0.191\)
version/cisco nx-os/13.2\(7.230\)
version/cisco nx-os/14.2\(1i\)
canonical/cisco nexus 92304qc switch
canonical/cisco nexus 92348gc-x switch
canonical/cisco nexus 9236c switch
canonical/cisco nexus 9272q switch
canonical/cisco nexus
canonical/cisco nexus 93108tc-fx switch
canonical/cisco nexus 93120tx firmware
canonical/cisco nexus 93128 firmware
canonical/cisco nexus 93180lc-ex switch
canonical/cisco nexus 93180yc-ex-24
canonical/cisco nexus 93180yc-fx firmware
canonical/cisco nexus 93216tc-fx2 firmware
canonical/cisco nexus 93240yc-fx2 firmware
canonical/cisco nexus 9332c firmware
canonical/cisco nexus 9332pq firmware
canonical/cisco nexus 93360yc-fx2
canonical/cisco nexus 9336c-fx2 firmware
canonical/cisco nexus n9336pq-x
canonical/cisco nexus 9348gc-fxp firmware
canonical/cisco nexus 9364c-h1
canonical/cisco nexus 9372px-e
canonical/cisco nexus 9372px-e firmware
canonical/cisco nexus 9372tx
canonical/cisco nexus 9372tx-e switch
canonical/cisco nexus 9396px firmware
canonical/cisco nexus 9396tx firmware
canonical/cisco nexus 9504 firmware
canonical/cisco nexus 9508
canonical/cisco nexus 9516 firmware