Severity Rating: HIGH
Software Affected
Cisco Prime Network Registrar
Cisco NX-OS Software
Cisco Unified CCX software
Overview
Multiple vulnerabilities have been reported in the DHCP server of Cisco
Prime Network Registrar, Cisco NX-OS Software for Cisco MDS 9000 Series
Multilayer Switches and Cisco Unified Contact Center Express which could be
exploited by an attacker to execute arbitrary code on a targeted system.
Description
1. Vulnerability in the DHCP server of Cisco Prime Network Registrar
(CVE-2020-3272)

This vulnerability exists in the DHCP server of Cisco Prime Network
Registrar due to insufficient input validation of incoming DHCP traffic
that could allow the attacker to cause a denial of service (DoS) condition.
An attacker could exploit this vulnerability by sending a crafted DHCP
request to an affected device.
Successful exploitation of this vulnerability could allow the attacker to
cause a restart of the DHCP server process, causing a denial of service
(DoS) condition.

2. Vulnerability in the Cisco MDS 9000 Series Switches (CVE-2020-3175)

This vulnerability exists in the resource handling system of Cisco NX-OS
Software for Cisco MDS 9000 Series Multilayer Switches due to improper
resource usage control that could allow the attacker to cause unexpected
behaviors such as high CPU usage, process crashes, or even full system
reboots of an affected device. An attacker could exploit this vulnerability
by sending traffic to the management interface (mgmt0) of an affected
device at very high rates.
Successful exploitation of this vulnerability could allow the attacker to
cause a denial of service (DoS) condition.

3. Remote Code Execution Vulnerability in Cisco Unified Contact Center
Express (CVE-2020-3280)

This vulnerability exists in the Java Remote Management Interface of Cisco
Unified Contact Center Express due to insecure deserialization of
user-supplied content by the affected software that could allow the
attacker to execute arbitrary code. An attacker could exploit this
vulnerability by sending a malicious serialized Java object to a specific
listener on an affected system.
Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary code as the root user on an affected device.
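
For item 3, a defender reviewing captured traffic can check whether a payload sent to a listener is a serialized Java object and which classes it declares. The following is an added example, not code from Cisco or from the original advisory; the allow-list, the function names and the sample bytes are assumptions made for illustration.

```python
import re
import struct

# Constants from java.io.ObjectStreamConstants
STREAM_HEADER = b"\xac\xed\x00\x05"   # STREAM_MAGIC + STREAM_VERSION
TC_CLASSDESC = 0x72                    # introduces a class descriptor

# Assumption: classes a legitimate client of the listener would send.
ALLOWED_CLASSES = {"java.lang.String", "java.lang.Integer", "java.lang.Number"}

_CLASS_NAME = re.compile(rb"\[*[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*;?")


def serialized_classes(payload: bytes) -> list:
    """Heuristic scan (not a full parser): ASCII class names declared in the stream."""
    if not payload.startswith(STREAM_HEADER):
        return []
    names, i = [], len(STREAM_HEADER)
    while i + 3 <= len(payload):
        if payload[i] == TC_CLASSDESC:
            (length,) = struct.unpack_from(">H", payload, i + 1)
            name = payload[i + 3:i + 3 + length]
            end = i + 3 + length + 8   # name is followed by an 8-byte serialVersionUID
            if 0 < length == len(name) and end <= len(payload) and _CLASS_NAME.fullmatch(name):
                names.append(name.decode("ascii"))
                i = end
                continue
        i += 1
    return names


def triage(payload: bytes) -> dict:
    """Summarise a payload for an analyst: is it serialized Java, and of what?"""
    classes = serialized_classes(payload)
    return {"java_serialized": payload.startswith(STREAM_HEADER),
            "classes": classes,
            "unexpected": sorted(set(classes) - ALLOWED_CLASSES)}


def _classdesc(name: str) -> bytes:
    """Build a minimal class descriptor for the constructed sample below."""
    raw = name.encode("ascii")
    return bytes([TC_CLASSDESC]) + struct.pack(">H", len(raw)) + raw + b"\x00" * 8


# Constructed sample (not a real capture): one object of the hypothetical class
# com.example.Widget whose superclass is java.lang.Number.
SAMPLE = (STREAM_HEADER + b"\x73" + _classdesc("com.example.Widget") + b"\x02\x00\x00\x78"
          + _classdesc("java.lang.Number") + b"\x02\x00\x00\x78\x70")
```

Calling `triage(SAMPLE)` reports the payload as serialized Java and lists `com.example.Widget` under `unexpected`, which is the signal to investigate the sender.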

Solution
Apply appropriate updates as mentioned in:
- -sa-cpnr-dhcp-dos-BkEZfhLP

- -sa-20200226-mds-ovrld-dos

- -sa-uccx-rce-GMSC6RKN

Vendor Information
CISCO
- -sa-cpnr-dhcp-dos-BkEZfhLP
- -sa-20200226-mds-ovrld-dos
- -sa-uccx-rce-GMSC6RKN

CVE Name
CVE-2020-3272
CVE-2020-3175
CVE-2020-3280

© Copyright 2020. Ud64