CVE-2023-20014

CVSS 7.5 HIGHEPSS 1.0%CWE-399

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

16 Feb 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a continuous stream of DNS requests to an affected device. A successful exploit could allow the attacker to cause the coredns service to stop working or cause the device to reload, resulting in a DoS condition.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Cisco · Cisco Nexus Dashboard

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-dnsdos-bYscZOsu