mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-07 05:28:59 +00:00
243 lines
8.6 KiB
JSON
243 lines
8.6 KiB
JSON
{
|
|
"id": "CVE-2020-3170",
|
|
"sourceIdentifier": "ykramarz@cisco.com",
|
|
"published": "2020-02-26T17:15:13.140",
|
|
"lastModified": "2020-03-03T21:19:47.410",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the Cisco NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad en la funcionalidad NX-API de Cisco NX-OS Software, podr\u00eda permitir a un atacante remoto no autenticado causar que un proceso del sistema NX-API se reinicie inesperadamente. La vulnerabilidad es debido a una comprobaci\u00f3n incorrecta del encabezado HTTP de una petici\u00f3n que es enviada hacia la NX-API. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n HTTP dise\u00f1ada hacia la NX-API sobre un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el servicio NX-API; sin embargo, el dispositivo Cisco NX-OS por s\u00ed mismo estar\u00eda a\u00fan disponible y pasando tr\u00e1fico de red. Nota: La funcionalidad NX-API est\u00e1 deshabilitada por defecto."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "LOW",
|
|
"baseScore": 5.3,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 1.4
|
|
}
|
|
],
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "ykramarz@cisco.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "LOW",
|
|
"baseScore": 5.3,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 1.4
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 4.3
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "ykramarz@cisco.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "8.4\\(1\\)",
|
|
"matchCriteriaId": "13555705-A800-43A9-9A74-CA3243B97ECB"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:mds_9132t:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "56426D35-FCFD-406E-9144-2E66C8C86EFC"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:mds_9148s:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D25FA4A8-408B-4E94-B7D9-7DC54B61322F"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:mds_9148t:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "831B6D0F-A975-4CBA-B5BB-0AC4AD718FE8"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:mds_9216:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8A72BDC4-6640-45CC-A128-0CDEE38D3ADC"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:mds_9216a:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "90094569-AA2C-4D35-807F-9551FACE255F"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:mds_9216i:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "306AFBC9-A236-4D03-A1EB-CE7E838D8415"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:mds_9222i:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "12DB1A25-A7C9-412F-88BC-E89588896395"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:mds_9506:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3925D2CF-9D7C-4498-8AF2-45E15D5D009F"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:mds_9509:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C677D356-86C9-4491-A6CA-5E6306B2BB70"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:mds_9513:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "28A3C579-7AAD-41A4-947F-CCB9B09402A5"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:mds_9706:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5182CB50-4D32-4835-B1A8-817D989F919F"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:mds_9710:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "36B3B617-7554-4C36-9B41-19AA3BD2F6E9"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:mds_9718:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B88879A9-A7F5-41E0-8A38-0E09E3FD27F4"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "8.2\\(5\\)",
|
|
"matchCriteriaId": "BF541F60-D6BE-4F6C-A66D-B606411CE6E9"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-api-dos",
|
|
"source": "ykramarz@cisco.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |