CVE-2020-3363

Name: CVE-2020-3363
Creator: NVD / NIST
Published: 2020-08-17T18:15:12.587+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.6/10EPSS 1.82%

Last modified Jun 17, 2026

CVE-2020-3363 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. EPSS estimates a 1.82% chance of exploitation in the next 30 days.

Description

A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause an unexpected reboot of the switch, leading to a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.

Metrics

CVSS 3.1

8.6/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Probability

1.82%

76.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Cisco	Sg250x-24 Firmware	All versions
Cisco	Sg250x-24p Firmware	All versions
Cisco	Sg250x-48 Firmware	All versions
Cisco	Sg250x-48p Firmware	All versions
Cisco	Sg250-08 Firmware	All versions
Cisco	Sg250-08hp Firmware	All versions
Cisco	Sg250-10p Firmware	All versions
Cisco	Sg250-18 Firmware	All versions
Cisco	Sg250-26 Firmware	All versions
Cisco	Sg250-26hp Firmware	All versions
Cisco	Sg250-26p Firmware	All versions
Cisco	Sg250-50 Firmware	All versions
Cisco	Sg250-50hp Firmware	All versions
Cisco	Sg250-50p Firmware	All versions
Cisco	Sf250-24 Firmware	All versions
Cisco	Sf250-24p Firmware	All versions
Cisco	Sf250-48 Firmware	All versions
Cisco	Sf250-48hp Firmware	All versions
Cisco	Sg350-10 Firmware	All versions
Cisco	Sg350-10p Firmware	All versions
Cisco	Sg350-10mp Firmware	All versions
Cisco	Sg355-10p Firmware	All versions
Cisco	Sg350-28 Firmware	All versions
Cisco	Sg350-28p Firmware	All versions
Cisco	Sg350-28mp Firmware	All versions
Cisco	Sf350-48 Firmware	All versions
Cisco	Sf350-48p Firmware	All versions
Cisco	Sf350-48mp Firmware	All versions
Cisco	Sg350xg-2f10 Firmware	All versions
Cisco	Sg350xg-24f Firmware	All versions
Cisco	Sg350xg-24t Firmware	All versions
Cisco	Sg350xg-48t Firmware	All versions
Cisco	Sg350x-24 Firmware	All versions
Cisco	Sg350x-24p Firmware	All versions
Cisco	Sg350x-24mp Firmware	All versions
Cisco	Sg350x-48 Firmware	All versions
Cisco	Sg350x-48p Firmware	All versions
Cisco	Sg350x-48mp Firmware	All versions
Cisco	Sx550x-16ft Firmware	All versions
Cisco	Sx550x-24ft Firmware	All versions
Cisco	Sx550x-12f Firmware	All versions
Cisco	Sx550x-24f Firmware	All versions
Cisco	Sx550x-24 Firmware	All versions
Cisco	Sx550x-52 Firmware	All versions
Cisco	Sg550x-24 Firmware	All versions
Cisco	Sg550x-24p Firmware	All versions
Cisco	Sg550x-24mp Firmware	All versions
Cisco	Sg550x-24mpp Firmware	All versions
Cisco	Sg550x-48 Firmware	All versions
Cisco	Sg550x-48p Firmware	All versions

Showing 50 of 114 affected configurations. See NVD for the full list.

References

Timeline

Published: Aug 17, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-3363?

How severe is CVE-2020-3363?

CVE-2020-3363 has a CVSS score of 8.6/10 (HIGH severity). The EPSS model estimates a 1.82% probability of exploitation in the next 30 days.

How do I fix CVE-2020-3363?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-3363?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST