Detections
Analytics

Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability

high Nessus Plugin ID 134417

Language:

Synopsis

The remote device is vulnerable to denial of service (DoS) due to missing patch. (cisco-sa-20200226-nexus-1000v-dos)

Description

A denial of service (DoS) vulnerability exists in Cisco Nexus 1000V Switch due to issues with the Secure Login Enhancements. An unauthenticated, remote attacker can exploit this issue, via overloading the login system, to cause the system to stop responding.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvp26722

See Also

http://www.nessus.org/u?1001187e

http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-73749

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp26722

Plugin Details

Severity: High

ID: 134417

File Name: cisco-sa-20200226-nexus-1000v-dos.nasl

Version: 1.8

Type: combined

Family: CISCO

Published: 3/11/2020

Updated: 5/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2020-3168

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nx-os

Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device

Exploit Ease: No known exploits are available

Patch Publication Date: 2/26/2020

Vulnerability Publication Date: 2/26/2020

Reference Information

CVE: CVE-2020-3168

CWE: 399

CISCO-SA: cisco-sa-20200226-nexus-1000v-dos

IAVA: 2020-A-0087

CISCO-BUG-ID: CSCvp26722