CVE-2020-3363
high-risk
Published 2020-08-17
A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause an unexpected reboot of the switch, leading to a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.
Do I need to act?
0.64% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.6/10
High
NETWORK / LOW complexity
Affected Products (20)
Sg250X-24 Firmware
Sg250X-24P Firmware
Sg250X-48 Firmware
Sg250X-48P Firmware
Sg250-08 Firmware
Sg250-08Hp Firmware
Sg250-10P Firmware
Sg250-18 Firmware
Sg250-26 Firmware
Sg250-26Hp Firmware
Sg250-26P Firmware
Sg250-50 Firmware
Sg250-50Hp Firmware
Sg250-50P Firmware
Sf250-24 Firmware
Sf250-24P Firmware
Sf250-48 Firmware
Sf250-48Hp Firmware
Affected Vendors
References (2)
62 / 100
high-risk
Severity
29/34 · Critical
Exploitability
2/34 · Minimal
Exposure
31/34 · Critical