PT-2020-1991 · Cisco · Cisco Nexus 1000V Switch For Vmware Vsphere+1

Published

2020-02-26

Updated

2020-03-05

CVE-2020-3168

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Cisco Nexus 1000V Switch for VMware vSphere (affected versions not specified)

Description The issue is related to improper resource allocation during failed CLI login attempts when login parameters are configured on an affected device. An attacker could exploit this by performing a high amount of login attempts against the affected device, causing it to become inaccessible to other users and resulting in a denial of service (DoS) condition. This requires a manual power cycle of the VSM to recover.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-400

Related Identifiers

BDU:2020-01308

CVE-2020-3168

Affected Products

Cisco Nexus

Cisco Nexus 1000V Switch For Vmware Vsphere

PT-2020-1991 · Cisco · Cisco Nexus 1000V Switch For Vmware Vsphere+1

CVE-2020-3168

Weakness Enumeration

Related Identifiers

Affected Products

References · 6