CVE-2019-1962: Input Validation

First published: Wed Aug 28 2019(Updated: )

A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause process crashes, which can result in a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient validation of TCP packets when processed by the Cisco Fabric Services over IP (CFSoIP) feature. An attacker could exploit this vulnerability by sending a malicious Cisco Fabric Services TCP packet to an affected device. A successful exploit could allow the attacker to cause process crashes, resulting in a device reload and a DoS condition. Note: There are three distribution methods that can be configured for Cisco Fabric Services. This vulnerability affects only distribution method CFSoIP, which is disabled by default. See the Details section for more information.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Nx-os	>=5.2<6.2\(29\)
Cisco Nx-os	>=7.3<8.1
Cisco Mds 9132t
Cisco Mds 9148s
Cisco Mds 9148t
Cisco Mds 9216
Cisco Mds 9216a
Cisco Mds 9216i
Cisco Mds 9222i
Cisco Mds 9250i
Cisco Mds 9396s
Cisco Mds 9396t
Cisco Mds 9506
Cisco Mds 9509
Cisco Mds 9513
Cisco Mds 9706
Cisco Mds 9710
Cisco Mds 9718
Cisco Nx-os	>=7.0\(3\)f<9.2
Cisco N9k-c9504-fm-r
Cisco N9k-c9508-fm-r
Cisco N9k-x96136yc-r
Cisco N9k-x9636c-r
Cisco N9k-x9636c-rx
Cisco N9k-x9636q-r
Cisco Nexus 36180yc-r
Cisco Nexus 3636c-r
Cisco X96136yc-r
Cisco X9636c-r
Cisco X9636c-rx
Cisco X9636q-r
Cisco Nx-os	<7.1\(5\)n1\(1b\)
Cisco Nx-os	>=7.3<7.3\(5\)n1\(1\)
Cisco Nexus 5010
Cisco Nexus 5020
Cisco Nexus 5548p
Cisco Nexus 5548up
Cisco Nexus 5596t
Cisco Nexus 5596up
Cisco Nexus 56128p
Cisco Nexus 5624q
Cisco Nexus 5648q
Cisco Nexus 5672up
Cisco Nexus 5672up-16g
Cisco Nexus 5696q
Cisco Nexus 6001
Cisco Nexus 6004
Cisco Nx-os	<6.2\(22\)
Cisco Nx-os	>=7.2<7.3\(4\)d1\(1\)
Cisco 7000 10-slot
Cisco 7000 18-slot
Cisco 7000 4-slot
Cisco 7000 9-slot
Cisco 7700 10-slot
Cisco 7700 18-slot
Cisco 7700 2-slot
Cisco 7700 6-slot
Cisco N77-f312ck-26
Cisco N77-f324fq-25
Cisco N77-f348xp-23
Cisco N77-f430cq-36
Cisco N77-m312cq-26l
Cisco N77-m324fq-25l
Cisco N77-m348xp-23l
Cisco N7k-f248xp-25e
Cisco N7k-f306ck-25
Cisco N7k-f312fq-25
Cisco N7k-m202cf-22l
Cisco N7k-m206fq-23l
Cisco N7k-m224xp-23l
Cisco N7k-m324fq-25l
Cisco N7k-m348xp-25l
Cisco Nexus 7000 Supervisor 1
Cisco Nexus 7000 Supervisor 2
Cisco Nexus 7000 Supervisor 2e
Cisco Nexus 7700 Supervisor 2e
Cisco Nexus 7700 Supervisor 3e
Cisco Nx-os	<7.0\(3\)i4\(9\)
Cisco Nx-os	>=7.0\(3\)i7<7.0\(3\)i7\(6\)
Cisco N9k-c92160yc-x
Cisco N9k-c9236c
Cisco N9k-c9272q
Cisco N9k-c93180lc-ex
Cisco N9k-c93180yc-ex
Cisco N9k-c93180yc-fx
Cisco N9k-x9732c-ex
Cisco N9k-x9736c-fx
Cisco Nexus 3048
Cisco Nx-os	<6.0\(2\)a8\(11\)
Cisco Nexus 3524-x\/xl
Cisco Nexus 3548-x\/xl
Cisco Nx-os	<3.2\(3i\)
Cisco Nx-os	>=4.0<4.0\(2d\)
Cisco Ucs-6296up
Cisco Ucs 6248up
Cisco Ucs 6324
Cisco Ucs 6332
Cisco Ucs 6332-16up

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos

CVE-2019-1962: Input Validation

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact