Detections
Analytics

Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session DoS (cisco-sa-nxosbgp-mvpn-dos-K8kbCrJp)

high Nessus Plugin ID 140131

Language:

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the Border Gateway Protocol (BVP) Multicast VPN (MVPN) implementation due to incorrect parsing of a specific type of BGP MVPN update message. An unauthenticated, remote attacker can exploit this, by sending this BGP MVPN update message, in order to cause a partial denial of service (DoS) condition due to the BGP session being down.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvr60479

See Also

http://www.nessus.org/u?07d34ac4

http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74239

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr60479

Plugin Details

Severity: High

ID: 140131

File Name: cisco-sa-nxosbgp-mvpn-dos-K8kbCrJp.nasl

Version: 1.7

Type: combined

Family: CISCO

Published: 9/2/2020

Updated: 3/8/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2020-3398

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nx-os

Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device

Exploit Ease: No known exploits are available

Patch Publication Date: 8/26/2020

Vulnerability Publication Date: 8/26/2020

Reference Information

CVE: CVE-2020-3398

CWE: 20

CISCO-SA: cisco-sa-nxosbgp-mvpn-dos-K8kbCrJp

IAVA: 2020-A-0394-S

CISCO-BUG-ID: CSCvr60479