Sg250X 24 Firmware
CVE-2020-3363
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause an unexpected reboot of the switch, leading to a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.
AnalysisAI
A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause an unexpected reboot of the switch, leading to a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected. Affected products include: Cisco Sg250X-24 Firmware, Cisco Sg250X-24P Firmware, Cisco Sg250X-48 Firmware, Cisco Sg250X-48P Firmware, Cisco Sg250-08 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Sg250X 24 Firmware
View allA vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an
A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches cou
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Small Business Sx200, S
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today