A Vulnerability with Cisco Small Business, Smart, and Managed Switches Could Allow for Denial of Service

DESCRIPTION

A vulnerability has been discovered in Cisco Small Business, Smart, and Managed Switches which could allow for a denial-of-service condition when the switch processes a specially crafted IPv6 address. The vulnerability occurs due to insufficient validation of incoming IPv6 traffic. An unauthenticated remote attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. The vulnerability does not affect IPv4 traffic, and there is no workaround. Successful exploitation of this vulnerability could allow an attacker to cause the switch's management CLI to stop responding.

IMPACT

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause the switch's management CLI to stop responding, resulting in a denial-of-service condition.

SYSTEMS AFFECTED

  • Cisco 250 Series Smart Switches
  • Cisco 350 Series Managed Switches
  • Cisco 350X Series Stackable Managed Switches
  • Cisco 550X Series Stackable Managed Switches
  • Cisco Small Business 200 Series Smart Switches
  • Cisco Small Business 300 Series Managed Switches
  • Cisco Small Business 500 Series Stackable Managed Switches

RECOMMENDATIONS

The following actions are recommended:

  • Apply appropriate patches provided by Cisco to vulnerable devices immediately after appropriate testing.
  • Deploy network intrusion detection systems to monitor network traffic to affected devices.

REFERENCES

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3496

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbss-ipv6-dos-tsgqbffW

https://www.cisecurity.org/advisory/a-vulnerability-with-cisco-small-business-smart-and-managed-switches-could-allow-for-denial-of-service_2020-119/
