Detections
Analytics
Cisco NX-OS Software IPv6 Protocol Independent Multicast DoS (cisco-sa-nxos-pim-memleak-dos-tC8eP7uw)
high Nessus Plugin ID 139922
Language:
Synopsis
The remote device is missing a vendor-supplied security patchDescription
According to its self-reported version, Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability due to improper error handling when processing inbound PIM6 packets. An unauthenticated, remote attacker can exploit this, by sending multiple crafted PIM6 packets to an affected device, in order to cause the PIM6 application to leak system memory and stop processing legitimate PIM6 traffic, leading to a DoS condition on the affected device.Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Solution
Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvr91853, CSCvr97684See Also
http://www.nessus.org/u?319c006d
http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74239
Plugin Details
Severity: High
ID: 139922
File Name: cisco-sa-nxos-pim-memleak-dos-tC8eP7uw.nasl
Version: 1.9
Type: combined
Family: CISCO
Published: 8/28/2020
Updated: 3/8/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2020-3338
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:cisco:nx-os
Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device
Exploit Ease: No known exploits are available
Patch Publication Date: 8/26/2020
Vulnerability Publication Date: 8/26/2020
Reference Information
CVE: CVE-2020-3338
CWE: 404
CISCO-SA: cisco-sa-nxos-pim-memleak-dos-tC8eP7uw
IAVA: 2020-A-0394-S
CISCO-BUG-ID: CSCvr91853, CSCvr97684