5.3

CVE-2020-3170

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the Cisco NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default.

Data is provided by the National Vulnerability Database (NVD)
CiscoNx-os Version < 8.4\(1\)
   CiscoMds 9132t Version-
   CiscoMds 9148s Version-
   CiscoMds 9148t Version-
   CiscoMds 9216 Version-
   CiscoMds 9216a Version-
   CiscoMds 9216i Version-
   CiscoMds 9222i Version-
   CiscoMds 9506 Version-
   CiscoMds 9509 Version-
   CiscoMds 9513 Version-
   CiscoMds 9706 Version-
   CiscoMds 9710 Version-
   CiscoMds 9718 Version-
CiscoNx-os Version < 8.2\(5\)
   CiscoNexus 7000 Version-
   CiscoNexus 7700 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.4% 0.598
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
psirt@cisco.com 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.