CVE-2023-20169
Summary
| CVE | CVE-2023-20169 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-23 19:15:00 UTC |
| Updated | 2024-01-25 17:15:00 UTC |
| Description | A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Nexus 3048 | - | All | All | All |
| Hardware | Cisco | Nexus 31108pc-v | - | All | All | All |
| Hardware | Cisco | Nexus 31108tc-v | - | All | All | All |
| Hardware | Cisco | Nexus 31128pq | - | All | All | All |
| Hardware | Cisco | Nexus 3132c-z | - | All | All | All |
| Hardware | Cisco | Nexus 3132q-v | - | All | All | All |
| Hardware | Cisco | Nexus 3132q-xl | - | All | All | All |
| Hardware | Cisco | Nexus 3164q | - | All | All | All |
| Hardware | Cisco | Nexus 3172pq | - | All | All | All |
| Hardware | Cisco | Nexus 3172pq-xl | - | All | All | All |
| Hardware | Cisco | Nexus 3172tq | - | All | All | All |
| Hardware | Cisco | Nexus 3172tq-32t | - | All | All | All |
| Hardware | Cisco | Nexus 3172tq-xl | - | All | All | All |
| Hardware | Cisco | Nexus 3232 | - | All | All | All |
| Hardware | Cisco | Nexus 3264c-e | - | All | All | All |
| Hardware | Cisco | Nexus 3264q | - | All | All | All |
| Hardware | Cisco | Nexus 3408-s | - | All | All | All |
| Hardware | Cisco | Nexus 34180yc | - | All | All | All |
| Hardware | Cisco | Nexus 34200yc-sm | - | All | All | All |
| Hardware | Cisco | Nexus 3432d-s | - | All | All | All |
| Hardware | Cisco | Nexus 3464c | - | All | All | All |
| Hardware | Cisco | Nexus 3524 | - | All | All | All |
| Hardware | Cisco | Nexus 3524-x | - | All | All | All |
| Hardware | Cisco | Nexus 3524-xl | - | All | All | All |
| Hardware | Cisco | Nexus 3548 | - | All | All | All |
| Hardware | Cisco | Nexus 3548-x | - | All | All | All |
| Hardware | Cisco | Nexus 3548-xl | - | All | All | All |
| Hardware | Cisco | Nexus 36180yc-r | - | All | All | All |
| Hardware | Cisco | Nexus 9232e | - | All | All | All |
| Hardware | Cisco | Nexus 92348gc-x | - | All | All | All |
| Hardware | Cisco | Nexus 9408 | - | All | All | All |
| Hardware | Cisco | Nexus 9504 | - | All | All | All |
| Hardware | Cisco | Nexus 9508 | - | All | All | All |
| Hardware | Cisco | Nexus 9516 | - | All | All | All |
| Operating System | Cisco | Nx-os | 10.3\(2\) | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol Denial of Service Vulnerability | MISC | sec.cloudapps.cisco.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.