CVE-2020-3496
A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the switch management CLI to stop responding, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.
EPSS 0.35% · 57.9th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | sg350-28mp_firmware | 0 |
| cisco | sg300-52p_firmware | 0 |
| cisco | sf302-08mp_firmware | 0 |
| cisco | sg250x-48_firmware | 0 |
| cisco | sx550x-52_firmware | 0 |
| cisco | sg550x-48p_firmware | 0 |
| cisco | sg250-26_firmware | 0 |
| cisco | sf550x-24_firmware | 0 |
| cisco | sf302-08_firmware | 0 |
| cisco | sg350-10_firmware | 0 |
| cisco | sf300-24_firmware | 0 |
| cisco | sf550x-24p_firmware | 0 |
| cisco | sg350x-24_firmware | 0 |
| cisco | sg550x-48_firmware | 0 |
| cisco | sg500-28p_firmware | 0 |
| cisco | sg350x-48_firmware | 0 |
| cisco | sg300-10mp_firmware | 0 |
| cisco | sf550x-48_firmware | 0 |
| cisco | sf250-48hp_firmware | 0 |
| cisco | sf550x-24mp_firmware | 0 |
…and 95 more
Exploit Intelligence
Timeline
- Aug 19, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score