VDB
CVE-2020-3228
CVE-2020-3228
PUBLISHED
CVSS 6.800000190734863 MEDIUM
A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because crafted SXP packets are mishandled. An attacker could exploit this vulnerability by sending specifically crafted SXP packets to the affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
EPSS 1.64% · 82.3th percentile
Risk Scores
CVSS 3.0
6.800000190734863
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
1.64%
82.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | ios | *, 15.2\(1\)sy4, 15.2\(1\)sy5 |
| Cisco | Cisco IOS 15.3(2)T | n/a |
| cisco | ios_xe | 3.3.1se, 3.3.2se, 3.3.2xo |
| cisco | nx-os | 5.2\(1\)sv3\(3.15\), 5.2\(1\)sv3\(4.1a\), 5.2\(1\)sv3\(4.1b\) |
Exploit Intelligence
Timeline
- Jun 3, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Sep 18, 2021 EPSS Score
- Oct 11, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score