CVE-2020-3174

MEDIUM Year: 2020
CVSS v3 Score
4.7
Medium
CVSS v2 Score
3.3
Low
Weakness Type
CWE-345
View all →

Vulnerability Description

A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. The ARP entries are for nonlocal IP addresses for the subnet. The vulnerability is due to improper validation of a received gratuitous ARP (GARP) request. An attacker could exploit this vulnerability by sending a malicious GARP packet on the local subnet to cause the ARP table on the device to become corrupted. A successful exploit could allow the attacker to populate the ARP table with incorrect entries, which could lead to traffic disruptions.

Related Vulnerabilities

CVE-2022-46422

MEDIUM
CVSS:4.8(Medium)

An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.

CWE-3452022

CVE-2023-32993

MEDIUM
CVSS:4.8(Medium)

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused usin...

CWE-3452023

CVE-2021-21739

MEDIUM
CVSS:4.6(Medium)

A ZTE's product of the transport network access layer has a security vulnerability. Because the system does not sufficiently verify the data reliability, attackers could replace an authenticated optic...

CWE-3452021

CVE-2022-28385

MEDIUM
CVSS:4.6(Medium)

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity checks, an attacker can manipulate the content of the emulated CD-ROM drive (containing the Windows and ...

CWE-3452022

CVE-2017-1405

MEDIUM
CVSS:4.9(Medium)

IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392.

CWE-3452017

CVE-2016-3016

MEDIUM
CVSS:4.4(Medium)

IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker ...

CWE-3452016