First published: Wed Mar 06 2019(Updated: )
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1).
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Nx-os | <7.3\(5\)n1\(1\) | |
Cisco Nexus 5600 | ||
Cisco Nexus 6000 | ||
All of | ||
Cisco Nx-os | <7.3\(5\)n1\(1\) | |
Any of | ||
Cisco Nexus 5600 | ||
Cisco Nexus 6000 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-1595 is a vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
CVE-2019-1595 affects Cisco NX-OS Software by causing an incorrect allocation of an internal interface, leading to a denial of service (DoS) condition.
The severity of CVE-2019-1595 is high, with a severity value of 6.5.
Cisco NX-OS Software version 7.3(5)n1(1) is affected by CVE-2019-1595.
To fix CVE-2019-1595, Cisco advises users to upgrade to a fixed software release.