Synced 17 Jun 2026 22:27 UTC Account
← All products

CVE-2020-3228

HIGH severity · CVSS 8.6 · Improper input validation
8.6CVSS HIGH

Summary

A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because crafted SXP packets are mishandled. An attacker could exploit this vulnerability by sending specifically crafted SXP packets to the affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactNone
Integrity impactNone
Availability impactHigh
Exploit probability (EPSS)2%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected products we track (1)

NX-OS

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sxp-68TEVzR ↗

Additional information