A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. The ARP entries are for nonlocal IP addresses for the subnet. The vulnerability is due to improper validation of a received gratuitous ARP (GARP) request. An attacker could exploit this vulnerability by sending a malicious GARP packet on the local subnet to cause the ARP table on the device to become corrupted. A successful exploit could allow the attacker to populate the ARP table with incorrect entries, which could lead to traffic disruptions.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 05:30
Type | Values Removed | Values Added |
---|---|---|
References | () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-arpĀ - Vendor Advisory |
Information
Published : 2020-02-26 17:15
Updated : 2024-11-21 05:30
NVD link : CVE-2020-3174
Mitre link : CVE-2020-3174
CVE.ORG link : CVE-2020-3174
JSON object : View
Products Affected
cisco
- nexus_9348gc-fxp
- mds_9710
- mds_9148t
- nexus_3064-t
- nexus_9516
- nexus_9332c
- nexus_92160yc-x
- nx-os
- mds_9216i
- nexus_3172
- mds_9132t
- nexus_93240yc-fx2
- nexus_3464c
- nexus_9372px-e
- nexus_7700
- nexus_92300yc
- nexus_3432d-s
- nexus_9372px
- mds_9718
- mds_9513
- nexus_3548-x
- nexus_34180yc
- nexus_36180yc-r
- nexus_9504
- nexus_3264q
- nexus_9372tx-e
- nexus_3524-x
- nexus_3548-xl
- nexus_31128pq
- nexus_93360yc-fx2
- nexus_9396tx
- nexus_3636c-r
- nexus_9000v
- nexus_3548
- nexus_9364c
- nexus_9508
- nexus_3172tq
- nexus_93120tx
- nexus_92348gc-x
- nexus_92304qc
- nexus_3132q-v
- nexus_9336c-fx2
- mds_9222i
- mds_9506
- mds_9148s
- nexus_7000
- mds_9706
- nexus_93216tc-fx2
- nexus_3264c-e
- nexus_93108tc-fx
- nexus_93180lc-ex
- nexus_3408-s
- nexus_31108pc-v
- nexus_93180yc-ex
- nexus_3132q
- nexus_9396px
- nexus_93128tx
- nexus_93108tc-ex
- nexus_3016
- nexus_9236c
- nexus_3524-xl
- nexus_3172pq-xl
- nexus_3048
- nexus_93180yc-fx
- nexus_31108tc-v
- nexus_3164q
- nexus_3524
- nexus_3132q-xl
- nexus_3232c_
- mds_9216
- nexus_3064
- nexus_3132c-z
- mds_9509
- nexus_3172tq-32t
- nexus_3172tq-xl
- mds_9216a
- nexus_9372tx
- nexus_9332pq
- nexus_9336pq_aci_spine
- nexus_9272q
CWE
CWE-345
Insufficient Verification of Data Authenticity