CVE-2020-3496

high-risk

Published 2020-08-26

A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the switch management CLI to stop responding, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.

Do I need to act?

0.35% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Sg250X-48 Firmware

Sg200-50 Firmware

Sg200-50P Firmware

Sg200-50Fp Firmware

Sg200-26 Firmware

Sg200-26P Firmware

Sg200-26Fp Firmware

Sg200-18 Firmware

Sg200-10Fp Firmware

Sg200-08 Firmware

Sg200-08P Firmware

Sf200-24 Firmware

Sf200-24P Firmware

Sf200-24Fp Firmware

Sf200-48 Firmware

Sf200-48P Firmware

Sf302-08Pp Firmware

Sf302-08Mpp Firmware

Sg300-10Pp Firmware

Sg300-10Mpp Firmware

Affected Vendors

Cisco

References (2)

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-s...

/ 100

high-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 31/34 · Critical