SB2020022717 - Insufficient verification of data authenticity in Cisco NX-OS Software
Published: February 27, 2020 Updated: February 27, 2020
Description
This security bulletin contains information about 1 security vulnerability.
1) Insufficient verification of data authenticity (CVE-ID: CVE-2020-3174)
The vulnerability allows a remote attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries.
The vulnerability exists due to improper validation of a received gratuitous ARP (GARP) request in the anycast gateway feature. A remote attacker on the local network can send a malicious GARP packet to cause the ARP table on the device to become corrupted and populate the ARP table with incorrect entries, which could lead to traffic disruptions.
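A detection check for the GARP condition described above, added here as an example and not taken from Cisco or from this bulletin: it parses captured ARP frames and flags gratuitous ARP requests that announce a gateway IP address with an unexpected MAC. The bulletin does not say what makes the packet invalid, so the rule itself, the function names, and the sample addresses are assumptions.

```python
import socket
import struct

def parse_arp(frame: bytes):
    """Parse an untagged Ethernet II frame carrying IPv4 ARP; None if it is anything else."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": frame[6:12], "oper": oper, "sha": frame[22:28],
            "spa": frame[28:32], "tha": frame[32:38], "tpa": frame[38:42]}

def check_garp(frame: bytes, gateways: dict):
    """gateways maps gateway IP (4 bytes) to its expected MAC (6 bytes).
    Returns a finding string for a suspicious GARP request, else None."""
    arp = parse_arp(frame)
    if arp is None or arp["oper"] != 1 or arp["spa"] != arp["tpa"]:
        return None                      # not a gratuitous ARP request
    expected = gateways.get(arp["spa"])
    if expected is None:
        return None                      # announces an address we do not protect
    if arp["sha"] != expected:
        return "garp-claims-gateway-ip"  # gateway IP announced with a foreign MAC
    if arp["eth_src"] != arp["sha"]:
        return "eth-src-mismatch"        # Ethernet source disagrees with ARP sender
    return None

def sample_frame(eth_src: bytes, sha: bytes, spa: bytes, tpa: bytes, oper: int = 1) -> bytes:
    """Constructed test input: a 42-byte broadcast ARP frame."""
    eth = b"\xff" * 6 + eth_src + b"\x08\x06"
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sha + spa + b"\x00" * 6 + tpa

# Constructed values (documentation IP range, locally administered MACs).
GW_IP = socket.inet_aton("192.0.2.1")
GW_MAC = bytes.fromhex("0200000000aa")
HOST_MAC = bytes.fromhex("020000000042")
GATEWAYS = {GW_IP: GW_MAC}

if __name__ == "__main__":
    for name, f in [("gateway", sample_frame(GW_MAC, GW_MAC, GW_IP, GW_IP)),
                    ("foreign", sample_frame(HOST_MAC, HOST_MAC, GW_IP, GW_IP))]:
        print(name, check_garp(f, GATEWAYS))
```

Feed it frames from a capture on the affected VLAN; a finding is a reason to compare the switch's ARP table against the expected gateway entries.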
This vulnerability affects the following products if they are running a vulnerable release of Cisco NX-OS Software and had the anycast gateway feature enabled:
Remediation
Install the update from the vendor's website.