vulnerability

Cisco NX-OS: Cisco NX-OS Software Anycast Gateway Invalid ARP Vulnerability (CVE-2020-3174)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:A/AC:L/Au:N/C:N/I:P/A:N)	Feb 26, 2020	Jun 15, 2020	Dec 21, 2022

Severity

CVSS

(AV:A/AC:L/Au:N/C:N/I:P/A:N)

Published

Feb 26, 2020

Added

Jun 15, 2020

Modified

Dec 21, 2022

Description

A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. The ARP entries are for nonlocal IP addresses for the subnet. The vulnerability is due to improper validation of a received gratuitous ARP (GARP) request. An attacker could exploit this vulnerability by sending a malicious GARP packet on the local subnet to cause the ARP table on the device to become corrupted. A successful exploit could allow the attacker to populate the ARP table with incorrect entries, which could lead to traffic disruptions.

Solution

update-nxos

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today