{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-20169","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2022-10-27T18:47:50.362Z","datePublished":"2023-08-23T18:19:45.317Z","dateUpdated":"2024-08-02T09:05:36.905Z"},"containers":{"cna":{"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2024-01-25T16:57:49.042Z"},"descriptions":[{"lang":"en","value":"A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.\r\n\r This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device."}],"affected":[{"vendor":"Cisco","product":"Cisco NX-OS Software","versions":[{"version":"10.3(2)","status":"affected"}]}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Access of Memory Location After End of Buffer","type":"cwe","cweId":"CWE-788"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb","name":"cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb"}],"metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"exploits":[{"lang":"en","value":"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"source":{"advisory":"cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb","discovery":"INTERNAL","defects":["CSCwe11136"]}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T09:05:36.905Z"},"title":"CVE Program Container","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb","name":"cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb","tags":["x_transferred"]}]}]}}