LiveActive security incident?Get immediate response
CVE Record

CVE-2020-3363: Cisco Small Business Smart and Managed Switches Denial of Service Vulnerability

A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause an unexpected reboot of the switch, leading to a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.

HighCVSS 8.6Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

Certain Cisco Small Business switch software can be forced to reboot by malicious IPv6 traffic. The business impact is availability: affected switches may unexpectedly restart, disrupting network connectivity. The source bundle does not identify active exploitation or fixed versions, so remediation should be driven by Cisco’s advisory for the exact model and software release.

Executive priority

Prioritize this for networks where affected Cisco switches carry business-critical traffic or IPv6 is enabled. The issue is availability-focused rather than data theft, but an unexpected switch reboot can still interrupt operations. Resolve through vendor-confirmed upgrades or exposure reduction.

Technical view

CVE-2020-3363 is an unauthenticated remote denial-of-service flaw in Cisco Small Business Smart and Managed Switch IPv6 packet processing. Insufficient validation of incoming IPv6 traffic can allow a crafted IPv6 packet passing through an affected device to trigger an unexpected reboot. IPv4 traffic is not affected. CVSS v3.0 score is 8.6 high.

Likely exposure

Exposure is most relevant where Cisco Small Business 250 Series Smart Switches process IPv6 traffic, especially across untrusted or broadly reachable network segments. Organizations without IPv6 enabled or without affected Cisco Small Business switch models are less likely to be exposed, but should verify inventory and software versions.

Exploitation context

The bundle states remote unauthenticated exploitation is possible, with low attack complexity and availability impact. It does not include exploit code, observed exploitation, or CISA KEV listing; KEV is marked false. Treat this as a credible disruption risk, not confirmed active exploitation.

Researcher notes

The provided record names CWE-20 and describes insufficient IPv6 input validation causing reboot. Affected version data is incomplete in the bundle, and no patch version is quoted. Do not broaden affected products beyond the Cisco Small Business 250 Series entry without checking Cisco’s advisory.

Mitigation direction

  • Check Cisco’s advisory for affected models, fixed releases, and supported upgrade paths.
  • Upgrade affected Cisco Small Business switch software when a vendor-fixed release is available.
  • Limit untrusted IPv6 traffic through affected switches where operationally feasible.
  • Segment management and high-value network paths from untrusted IPv6 sources.
  • Monitor affected switches for unexpected reboots and availability incidents.

Validation and detection

  • Inventory Cisco Small Business 250 Series Smart Switches and record software versions.
  • Confirm whether affected switches process IPv6 traffic in production paths.
  • Compare exact models and software releases against Cisco’s advisory.
  • Review availability monitoring for unexplained switch reboots or brief outages.
  • Document compensating controls if immediate upgrade is not possible.
Prepared
Confidence
medium
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-20: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2020-3363 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
8.6 (3.0)
Known Exploited
No
Published

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
8.6CVSS 3.0HighCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H3.94Primary CVE score

Vulnerability scoring details

Base CVSS 3.0 score

8.6High
CVSS 3.0 vector shape for CVE-2020-3363Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
CiscoCisco Small Business 250 Series Smart Switches Softwaren/aListed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-20 · source CWE mapping

Improper Input Validation

Improper Input Validation represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.