多款Cisco产品输入验证错误漏洞

CNNVD-ID编号	CNNVD-202008-178
CVE编号	CVE-2020-3363
发布时间	2020-08-05
更新时间	2020-09-08
漏洞类型	输入验证错误
漏洞来源	N/A
危险等级	高危
威胁类型	远程
厂商	N/A

漏洞介绍

Cisco 250 Series Smart Switches等都是美国思科（Cisco）公司的产品。Cisco 250 Series Smart Switches是一款250系列智能交换机。Cisco 350 Series Managed Switches是一款350系列管理型交换机。550X Series Stackable Managed Switches是一款550X系列管理型交换机。

多款Cisco产品中的IPv6数据包处理引擎存在输入验证错误漏洞，该漏洞源于程序没有充分验证所接收的IPv6流量。远程攻击者可通过发送特制的IPv6数据包利用该漏洞造成拒绝服务。以下产品及版本受到影响：Cisco 250 Series Smart Switches；350 Series Managed Switches；350X Series Stackable Managed Switches；550X Series Stackable Managed Switches；Small Business 200 Series Smart Switches；Small Business 300 Series Managed Switches；Small Business 500 Series Stackable Managed Switches。

漏洞补丁

目前厂商已发布升级了多款Cisco产品输入验证错误漏洞的补丁，多款Cisco产品输入验证错误漏洞的补丁获取链接：

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbss-ipv6-dos-3bLk6vA

参考网址

来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2698/
来源:tools.cisco.com

链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbss-ipv6-dos-3bLk6vA
来源:www.nsfocus.net

链接：http://www.nsfocus.net/vulndb/48347
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2698.2/

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202008-178