Input validation

2020-08-2617:15:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.5%

JSON

A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause the switch management CLI to stop responding, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.

CPENameOperatorVersion
sf200-24_firmwarele2.5.5.47
sf200-24fp_firmwarele2.5.5.47
sf200-24p_firmwarele2.5.5.47
sf200-48_firmwarele2.5.5.47
sf200-48p_firmwarele2.5.5.47
sf250-24_firmwarele2.5.5.47
sf250-24p_firmwarele2.5.5.47
sf250-48_firmwarele2.5.5.47
sf250-48hp_firmwarele2.5.5.47
sf300-08_firmwarele2.5.5.47

Name	Operator	Version
sf200-24_firmware	le	2.5.5.47
sf200-24fp_firmware	le	2.5.5.47
sf200-24p_firmware	le	2.5.5.47
sf200-48_firmware	le	2.5.5.47
sf200-48p_firmware	le	2.5.5.47
sf250-24_firmware	le	2.5.5.47
sf250-24p_firmware	le	2.5.5.47
sf250-48_firmware	le	2.5.5.47
sf250-48hp_firmware	le	2.5.5.47
sf300-08_firmware	le	2.5.5.47