{ "id": "CVE-2020-3170", "sourceIdentifier": "ykramarz@cisco.com", "published": "2020-02-26T17:15:13.140", "lastModified": "2020-03-03T21:19:47.410", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the Cisco NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default." }, { "lang": "es", "value": "Una vulnerabilidad en la funcionalidad NX-API de Cisco NX-OS Software, podr\u00eda permitir a un atacante remoto no autenticado causar que un proceso del sistema NX-API se reinicie inesperadamente. La vulnerabilidad es debido a una comprobaci\u00f3n incorrecta del encabezado HTTP de una petici\u00f3n que es enviada hacia la NX-API. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n HTTP dise\u00f1ada hacia la NX-API sobre un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el servicio NX-API; sin embargo, el dispositivo Cisco NX-OS por s\u00ed mismo estar\u00eda a\u00fan disponible y pasando tr\u00e1fico de red. Nota: La funcionalidad NX-API est\u00e1 deshabilitada por defecto." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 3.9, "impactScore": 1.4 } ], "cvssMetricV30": [ { "source": "ykramarz@cisco.com", "type": "Secondary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 3.9, "impactScore": 1.4 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] }, { "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.4\\(1\\)", "matchCriteriaId": "13555705-A800-43A9-9A74-CA3243B97ECB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:mds_9132t:-:*:*:*:*:*:*:*", "matchCriteriaId": "56426D35-FCFD-406E-9144-2E66C8C86EFC" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:mds_9148s:-:*:*:*:*:*:*:*", "matchCriteriaId": "D25FA4A8-408B-4E94-B7D9-7DC54B61322F" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:mds_9148t:-:*:*:*:*:*:*:*", "matchCriteriaId": "831B6D0F-A975-4CBA-B5BB-0AC4AD718FE8" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:mds_9216:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A72BDC4-6640-45CC-A128-0CDEE38D3ADC" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:mds_9216a:-:*:*:*:*:*:*:*", "matchCriteriaId": "90094569-AA2C-4D35-807F-9551FACE255F" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:mds_9216i:-:*:*:*:*:*:*:*", "matchCriteriaId": "306AFBC9-A236-4D03-A1EB-CE7E838D8415" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:mds_9222i:-:*:*:*:*:*:*:*", "matchCriteriaId": "12DB1A25-A7C9-412F-88BC-E89588896395" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:mds_9506:-:*:*:*:*:*:*:*", "matchCriteriaId": "3925D2CF-9D7C-4498-8AF2-45E15D5D009F" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:mds_9509:-:*:*:*:*:*:*:*", "matchCriteriaId": "C677D356-86C9-4491-A6CA-5E6306B2BB70" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:mds_9513:-:*:*:*:*:*:*:*", "matchCriteriaId": "28A3C579-7AAD-41A4-947F-CCB9B09402A5" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:mds_9706:-:*:*:*:*:*:*:*", "matchCriteriaId": "5182CB50-4D32-4835-B1A8-817D989F919F" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:mds_9710:-:*:*:*:*:*:*:*", "matchCriteriaId": "36B3B617-7554-4C36-9B41-19AA3BD2F6E9" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:mds_9718:-:*:*:*:*:*:*:*", "matchCriteriaId": "B88879A9-A7F5-41E0-8A38-0E09E3FD27F4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.2\\(5\\)", "matchCriteriaId": "BF541F60-D6BE-4F6C-A66D-B606411CE6E9" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3" }, { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45" } ] } ] } ], "references": [ { "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-api-dos", "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ] } ] }