
Cisco NX-OS Software Data Management Engine Remote Code Execution Vulnerability

cisco-sa-nxos-dme-rce-cbE3nhZS · High

A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition.

Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Exploitation of this vulnerability also requires jumbo frames to be enabled on the interface that receives the crafted Cisco Discovery Protocol packets on the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-dme-rce-cbE3nhZS

This advisory is part of the August 2020 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication, which includes seven Cisco Security Advisories that describe seven vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: August 2020 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

Workarounds

There are no workarounds that address this vulnerability.

However, customers who do not use the Cisco Discovery Protocol feature can disable it either globally to fully eliminate the attack vector or on individual interfaces to reduce the attack surface.

Disable Cisco Discovery Protocol Globally on Cisco Nexus Switches

To disable Cisco Discovery Protocol globally on Cisco Nexus Switches, use the no cdp enable command in global configuration mode, as shown in the following example:

nxos# conf t
Enter configuration commands, one per line. End with CNTL/Z.
nxos(config)# no cdp enable
nxos(config)# end
nxos# copy running-config startup-config
[########################################] 100%
Copy complete.

Disable Cisco Discovery Protocol on an Interface on Cisco Nexus Switches

To disable Cisco Discovery Protocol on an interface on Cisco Nexus Switches, use the no cdp enable command in interface configuration mode, as shown in the following example:

nxos# conf t
Enter configuration commands, one per line. End with CNTL/Z.
nxos(config)# interface Ethernet1/1
nxos(config-if)# no cdp enable
nxos(config-if)# end
nxos# copy running-config startup-config
[########################################] 100%
Copy complete.
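An added example (not from the advisory or from Cisco): a Python check that reads an NX-OS running-config excerpt and reports the interfaces that still meet both preconditions the advisory names, Cisco Discovery Protocol enabled and jumbo frames enabled, so an operator can see where the interface-level workaround has not yet been applied. The running-config line shapes (interface X, mtu N, no cdp enable), the 1500-byte default interface MTU, and the sample config are assumptions constructed for this example.

```python
import re

DEFAULT_MTU = 1500  # assumption: NX-OS interface MTU when no 'mtu' line is present

# Constructed sample running-config excerpt (not from the advisory).
SAMPLE_CONFIG = """\
version 7.0(3)I7(5)
hostname nxos
interface Ethernet1/1
  description uplink-to-core
  mtu 9216
interface Ethernet1/2
  description server-a
  mtu 9216
  no cdp enable
interface Ethernet1/3
  description access-host
interface mgmt0
  ip address 192.0.2.10/24
"""


def parse_interfaces(config):
    """Return {name: {"mtu": int, "cdp": bool}} from each interface stanza."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            interfaces[current] = {"mtu": DEFAULT_MTU, "cdp": True}  # CDP is on by default
            continue
        if current is None or not line.startswith(" "):
            current = None  # an unindented line ends the stanza
            continue
        text = line.strip()
        if text.startswith("mtu "):
            interfaces[current]["mtu"] = int(text.split()[1])
        elif text == "no cdp enable":
            interfaces[current]["cdp"] = False
        elif text == "cdp enable":
            interfaces[current]["cdp"] = True
    return interfaces


def cdp_globally_enabled(config):
    """Global 'no cdp enable' is unindented; interface-level ones are not matched here."""
    return not re.search(r"^no cdp enable\s*$", config, re.M)


def exposed_interfaces(config):
    """Interfaces that both accept CDP and carry jumbo frames, i.e. still need the workaround."""
    if not cdp_globally_enabled(config):
        return []
    return sorted(name for name, st in parse_interfaces(config).items()
                  if st["cdp"] and st["mtu"] > DEFAULT_MTU)
```

Running exposed_interfaces on the sample reports only Ethernet1/1: Ethernet1/2 has CDP disabled, and the other interfaces keep the default MTU.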

Disable Cisco Discovery Protocol on Cisco UCS Fabric Interconnects
Cisco Discovery Protocol cannot be disabled completely on Cisco UCS Fabric Interconnects.

Cisco Discovery Protocol can be disabled on server ports and appliance ports on Cisco UCS Fabric Interconnects, but it cannot be disabled on Ethernet uplink ports, Ethernet port channel members, FCoE uplink ports, or management interfaces.

To disable Cisco Discovery Protocol on the server ports of a Cisco UCS Fabric Interconnect, use the disable cdp command in the default nw-ctrl-policy in the org scope, as shown in the following example:

ucs-fi# scope org
ucs-fi /org # enter nw-ctrl-policy default
ucs-fi /org/nw-ctrl-policy # disable cdp
ucs-fi /org/nw-ctrl-policy* # exit
ucs-fi /org* # exit
ucs-fi* # commit-buffer
ucs-fi#

To disable Cisco Discovery Protocol on the appliance ports of a Cisco UCS Fabric Interconnect, use the disable cdp command in the default nw-ctrl-policy in the eth-storage scope, as shown in the following example:

ucs-fi* # scope eth-storage
ucs-fi /eth-storage* # enter nw-ctrl-policy default
ucs-fi /eth-storage/nw-ctrl-policy* # disable cdp
ucs-fi /eth-storage/nw-ctrl-policy* # exit
ucs-fi /eth-storage* # exit
ucs-fi* # commit-buffer
ucs-fi#

CVEs: CVE-2020-3415
Cisco Bug IDs: CSCvs10167, CSCvr89315
CVSS Score: Base 8.8 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X)
Product Names From Source
Cisco Unified Computing System (Managed), Cisco NX-OS Software 7.0(3)F3(1), Cisco NX-OS Software 7.0(3)F3(2), Cisco NX-OS Software 7.0(3)F3(3), Cisco NX-OS Software 7.0(3)F3(3a), Cisco NX-OS Software 7.0(3)F3(4), Cisco NX-OS Software 7.0(3)F3(3c), Cisco NX-OS Software 7.0(3)F3(5), Cisco NX-OS Software 7.0(3)I5(1), Cisco NX-OS Software 7.0(3)I5(2), Cisco NX-OS Software 7.0(3)I5(3), Cisco NX-OS Software 7.0(3)I5(3a), Cisco NX-OS Software 7.0(3)I5(3b), Cisco NX-OS Software 7.0(3)I6(1), Cisco NX-OS Software 7.0(3)I6(2), Cisco NX-OS Software 7.0(3)I7(1), Cisco NX-OS Software 7.0(3)I7(2), Cisco NX-OS Software 7.0(3)I7(3), Cisco NX-OS Software 7.0(3)I7(4), Cisco NX-OS Software 7.0(3)I7(5), Cisco NX-OS Software 7.0(3)I7(5a), Cisco NX-OS Software 7.0(3)I7(3z), Cisco NX-OS Software 7.0(3)I7(6), Cisco NX-OS Software 7.0(3)I7(6z), Cisco NX-OS Software 7.0(3)I7(7), Cisco NX-OS Software 9.2(1), Cisco NX-OS Software 9.2(2), Cisco NX-OS Software 9.2(2t), Cisco NX-OS Software 9.2(2v), Cisco NX-OS Software 7.0(3)IA7(1), Cisco NX-OS Software 7.0(3)IA7(2), Cisco NX-OS Software 7.0(3)IM7(2), Cisco NX-OS Software, Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches

CSAF Product Statuses

Product | Status | Source | CVE | Rows
Cisco NX-OS Software 7.0(3)F3(1) when installed on Cisco Nexus 3000 Series Switches | known_affected | cisco_csaf | CVE-2020-3415 | 1
Cisco NX-OS Software 7.0(3)F3(1) when installed on Cisco Nexus 9000 Series Switches | known_affected | cisco_csaf | CVE-2020-3415 | 1
Cisco NX-OS Software 7.0(3)F3(2) when installed on Cisco Nexus 3000 Series Switches | known_affected | cisco_csaf | CVE-2020-3415 | 1
Cisco NX-OS Software 7.0(3)F3(3) when installed on Cisco Nexus 3000 Series Switches | known_affected | cisco_csaf | CVE-2020-3415 | 1
Cisco NX-OS Software 7.0(3)F3(3) when installed on Cisco Nexus 9000 Series Switches | known_affected | cisco_csaf | CVE-2020-3415 | 1
Cisco NX-OS Software 7.0(3)F3(3a) when installed on Cisco Nexus 3000 Series Switches | known_affected | cisco_csaf | CVE-2020-3415 | 1
Cisco NX-OS Software 7.0(3)F3(3a) when installed on Cisco Nexus 9000 Series Switches | known_affected | cisco_csaf | CVE-2020-3415 | 1
Cisco NX-OS Software 7.0(3)F3(3c) when installed on Cisco Nexus 3000 Series Switches | known_affected | cisco_csaf | CVE-2020-3415 | 1
Cisco NX-OS Software 7.0(3)F3(3c) when installed on Cisco Nexus 9000 Series Switches | known_affected | cisco_csaf | CVE-2020-3415 | 1
Cisco NX-OS Software 7.0(3)F3(4) when installed on Cisco Nexus 3000 Series Switches | known_affected | cisco_csaf | CVE-2020-3415 | 1
Cisco NX-OS Software 7.0(3)F3(4) when installed on Cisco Nexus 9000 Series Switches | known_affected | cisco_csaf | CVE-2020-3415 | 1
Cisco NX-OS Software 7.0(3)F3(5) when installed on Cisco Nexus 3000 Series Switches | known_affected | cisco_csaf | CVE-2020-3415 | 1

Showing 12 of 56 CSAF status groups; 44 more not shown.

Related Products

Product | CVE | Evidence
Cisco NX-OS Software | CVE-2020-3415 | Cisco OpenVuln
Cisco Unified Computing System (Managed) | CVE-2020-3415 | Cisco OpenVuln
Cisco Nexus 9000 Series Switches | CVE-2020-3415 | Cisco OpenVuln · family-level
Cisco Nexus 3000 Series Switches | CVE-2020-3415 | Cisco OpenVuln · family-level