CVE-2023-20014

Description

A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a continuous stream of DNS requests to an affected device. A successful exploit could allow the attacker to cause the coredns service to stop working or cause the device to reload, resulting in a DoS condition.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

Cisco / Cisco Nexus Dashboard1.1(0c) – 1.1(0c)
Cisco / Cisco Nexus Dashboard1.1(0d) – 1.1(0d)
Cisco / Cisco Nexus Dashboard1.1(2h) – 1.1(2h)
Cisco / Cisco Nexus Dashboard1.1(2i) – 1.1(2i)
Cisco / Cisco Nexus Dashboard1.1(3c) – 1.1(3c)
Cisco / Cisco Nexus Dashboard1.1(3d) – 1.1(3d)
Cisco / Cisco Nexus Dashboard1.1(3e) – 1.1(3e)
Cisco / Cisco Nexus Dashboard1.1(3f) – 1.1(3f)
Cisco / Cisco Nexus Dashboard2.0(1b) – 2.0(1b)
Cisco / Cisco Nexus Dashboard2.0(1d) – 2.0(1d)
Cisco / Cisco Nexus Dashboard2.0(2g) – 2.0(2g)
Cisco / Cisco Nexus Dashboard2.0(2h) – 2.0(2h)
Cisco / Cisco Nexus Dashboard2.1(1d) – 2.1(1d)
Cisco / Cisco Nexus Dashboard2.1(1e) – 2.1(1e)
Cisco / Cisco Nexus Dashboard2.1(2d) – 2.1(2d)
Cisco / Cisco Nexus Dashboard2.1(2f) – 2.1(2f)
Cisco / Cisco Nexus Dashboard2.2(1e) – 2.2(1e)
Cisco / Cisco Nexus Dashboard2.2(1h) – 2.2(1h)
Cisco / Cisco Nexus Dashboard2.2(2d) – 2.2(2d)

References

VENDOR_ADVISORYhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-dnsdos-bYscZOsu