CVE-2023-20169

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:nx-os:10.3\(2\):*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_3048:-:::::::*
	cpe:2.3:h:cisco:nexus_31108pc-v:-:::::::*
	cpe:2.3:h:cisco:nexus_31108tc-v:-:::::::*
	cpe:2.3:h:cisco:nexus_31128pq:-:::::::*
	cpe:2.3:h:cisco:nexus_3132c-z:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q-v:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3164q:-:::::::*
	cpe:2.3:h:cisco:nexus_3172pq:-:::::::*
	cpe:2.3:h:cisco:nexus_3172pq-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3172tq:-:::::::*
	cpe:2.3:h:cisco:nexus_3172tq-32t:-:::::::*
	cpe:2.3:h:cisco:nexus_3172tq-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3232:-:::::::*
	cpe:2.3:h:cisco:nexus_3264c-e:-:::::::*
	cpe:2.3:h:cisco:nexus_3264q:-:::::::*
	cpe:2.3:h:cisco:nexus_3408-s:-:::::::*
	cpe:2.3:h:cisco:nexus_34180yc:-:::::::*
	cpe:2.3:h:cisco:nexus_34200yc-sm:-:::::::*
	cpe:2.3:h:cisco:nexus_3432d-s:-:::::::*
	cpe:2.3:h:cisco:nexus_3464c:-:::::::*
	cpe:2.3:h:cisco:nexus_3524:-:::::::*
	cpe:2.3:h:cisco:nexus_3524-x:-:::::::*
	cpe:2.3:h:cisco:nexus_3524-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3548:-:::::::*
	cpe:2.3:h:cisco:nexus_3548-x:-:::::::*
	cpe:2.3:h:cisco:nexus_3548-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_36180yc-r:-:::::::*
	cpe:2.3:h:cisco:nexus_9232e:-:::::::*
	cpe:2.3:h:cisco:nexus_92348gc-x:-:::::::*
	cpe:2.3:h:cisco:nexus_9408:-:::::::*
	cpe:2.3:h:cisco:nexus_9504:-:::::::*
	cpe:2.3:h:cisco:nexus_9508:-:::::::*
	cpe:2.3:h:cisco:nexus_9516:-:::::::*

History

25 Jan 2024, 17:15

Type	Values Removed	Values Added
CWE		CWE-788

22 Dec 2023, 14:59

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 7.4

31 Aug 2023, 15:00

Type	Values Removed	Values Added
CPE		cpe:2.3:h:cisco:nexus_3132q-xl:-:::::::* cpe:2.3:h:cisco:nexus_3548:-:::::::* cpe:2.3:h:cisco:nexus_3524-x:-:::::::* cpe:2.3:h:cisco:nexus_3172tq-32t:-:::::::* cpe:2.3:h:cisco:nexus_9232e:-:::::::* cpe:2.3:h:cisco:nexus_34200yc-sm:-:::::::* cpe:2.3:h:cisco:nexus_3172pq:-:::::::* cpe:2.3:h:cisco:nexus_31128pq:-:::::::* cpe:2.3:h:cisco:nexus_3548-xl:-:::::::* cpe:2.3:h:cisco:nexus_31108pc-v:-:::::::* cpe:2.3:h:cisco:nexus_92348gc-x:-:::::::* cpe:2.3:h:cisco:nexus_3264q:-:::::::* cpe:2.3:h:cisco:nexus_3172tq-xl:-:::::::* cpe:2.3:h:cisco:nexus_3232:-:::::::* cpe:2.3:h:cisco:nexus_3264c-e:-:::::::* cpe:2.3:h:cisco:nexus_9516:-:::::::* cpe:2.3:h:cisco:nexus_3132q-v:-:::::::* cpe:2.3:h:cisco:nexus_9408:-:::::::* cpe:2.3:h:cisco:nexus_3464c:-:::::::* cpe:2.3:h:cisco:nexus_3432d-s:-:::::::* cpe:2.3:h:cisco:nexus_3548-x:-:::::::* cpe:2.3:h:cisco:nexus_9508:-:::::::* cpe:2.3:o:cisco:nx-os:10.3\(2\):::::::* cpe:2.3:h:cisco:nexus_3132c-z:-:::::::* cpe:2.3:h:cisco:nexus_3172tq:-:::::::* cpe:2.3:h:cisco:nexus_3048:-:::::::* cpe:2.3:h:cisco:nexus_31108tc-v:-:::::::* cpe:2.3:h:cisco:nexus_34180yc:-:::::::* cpe:2.3:h:cisco:nexus_3524-xl:-:::::::* cpe:2.3:h:cisco:nexus_3164q:-:::::::* cpe:2.3:h:cisco:nexus_36180yc-r:-:::::::* cpe:2.3:h:cisco:nexus_3408-s:-:::::::* cpe:2.3:h:cisco:nexus_9504:-:::::::* cpe:2.3:h:cisco:nexus_3172pq-xl:-:::::::* cpe:2.3:h:cisco:nexus_3524:-:::::::*
CWE		CWE-20
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
References	~~(MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb -~~	(MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb - Vendor Advisory
First Time		Cisco nexus 34180yc Cisco nexus 3264c-e Cisco nexus 3172tq-32t Cisco nexus 3264q Cisco nexus 9504 Cisco nexus 3172pq-xl Cisco nx-os Cisco nexus 3172pq Cisco nexus 36180yc-r Cisco nexus 9232e Cisco nexus 9408 Cisco nexus 3524-x Cisco nexus 3132q-v Cisco nexus 31108tc-v Cisco nexus 31108pc-v Cisco nexus 3048 Cisco nexus 3524-xl Cisco nexus 3548-x Cisco nexus 3524 Cisco nexus 3172tq-xl Cisco Cisco nexus 3432d-s Cisco nexus 3548-xl Cisco nexus 3464c Cisco nexus 3548 Cisco nexus 3172tq Cisco nexus 3232 Cisco nexus 31128pq Cisco nexus 92348gc-x Cisco nexus 9508 Cisco nexus 9516 Cisco nexus 3132c-z Cisco nexus 3408-s Cisco nexus 3132q-xl Cisco nexus 34200yc-sm Cisco nexus 3164q

23 Aug 2023, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-23 19:15

Updated : 2024-01-25 17:15

NVD link : CVE-2023-20169

Mitre link : CVE-2023-20169

CVE.ORG link : CVE-2023-20169

JSON object : View

Products Affected

cisco

nexus_3132q-v
nexus_3548-xl
nexus_3132c-z
nexus_3548-x
nexus_34180yc
nexus_3524
nexus_3548
nexus_3432d-s
nexus_9232e
nexus_31108tc-v
nexus_3164q
nexus_3464c
nexus_3232
nexus_36180yc-r
nexus_3132q-xl
nexus_3408-s
nx-os
nexus_3172pq-xl
nexus_3172tq
nexus_9508
nexus_9504
nexus_34200yc-sm
nexus_3264q
nexus_3524-xl
nexus_31128pq
nexus_31108pc-v
nexus_9516
nexus_3264c-e
nexus_3172tq-xl
nexus_3048
nexus_9408
nexus_92348gc-x
nexus_3172tq-32t
nexus_3524-x
nexus_3172pq

CWE

CWE-20

Improper Input Validation

CWE-788

Access of Memory Location After End of Buffer

7.4 /10