1. Home
  2. CVE Database
  3. CVE-2020-3174
MEDIUM · 4.7

CVE-2020-3174

A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. T...

Vulnerability Description

A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. The ARP entries are for nonlocal IP addresses for the subnet. The vulnerability is due to improper validation of a received gratuitous ARP (GARP) request. An attacker could exploit this vulnerability by sending a malicious GARP packet on the local subnet to cause the ARP table on the device to become corrupted. A successful exploit could allow the attacker to populate the ARP table with incorrect entries, which could lead to traffic disruptions.

CVSS Score

4.7

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
CiscoNx-Os8.1\(1\)
CiscoMds 9132T-
CiscoMds 9148S-
CiscoMds 9148T-
CiscoMds 9216-
CiscoMds 9216A-
CiscoMds 9216I-
CiscoMds 9222I-
CiscoMds 9506-
CiscoMds 9509-
CiscoMds 9513-
CiscoMds 9706-
CiscoMds 9710-
CiscoMds 9718-
CiscoNexus 3016-
CiscoNexus 3048-
CiscoNexus 3064-
CiscoNexus 3064-T-
CiscoNexus 31108Pc-V-
CiscoNexus 31108Tc-V-

Related Weaknesses (CWE)

CWE-345

References

FAQ

What is CVE-2020-3174?

CVE-2020-3174 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. T...

How severe is CVE-2020-3174?

CVE-2020-3174 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3174?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Mds 9132T, Cisco Mds 9148S, Cisco Mds 9148T, Cisco Mds 9216.