cisco-sa-20180620-nx-os-fabric-dos: Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
First published: Wed Jun 20 2018(Updated: )
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overread condition, which could allow the attacker to obtain sensitive information from memory or cause a DoS condition on the affected product. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-dos This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco FX-OS | =2.2.2<2.2.2.17=2.2.1<2.2.1.70=2.1.1<2.1.1.86=2.0<2.0.1.153=1.1<1.1.4.179 | 2.2.2.17 2.2.1.70 2.1.1.86 2.0.1.153 1.1.4.179 |
| Cisco NX-OS | =8.1<8.1(1a)=7.3<8.1(1a)=6.2<6.2(21)=5.2<6.2(21) | 8.1(1a) 8.1(1a) 6.2(21) 6.2(21) |
| Cisco NX-OS | ||
| Cisco NX-OS | =6.2<6.2(20) | 6.2(20) |
| Cisco NX-OS | =3.2<3.2(2b)=3.1<3.2(2b)=3.0<3.2(2b)=2.5<3.2(2b)=2.2<3.2(2b)=Prior to 2.2<3.2(2b) | 3.2(2b) 3.2(2b) 3.2(2b) 3.2(2b) 3.2(2b) 3.2(2b) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability?
The severity of Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability is high.
How does the vulnerability in Cisco FXOS and NX-OS Software Cisco Fabric Services component work?
The vulnerability allows an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition.
Which versions of Cisco FXOS Software are affected by the vulnerability?
The affected versions of Cisco FXOS Software are 2.2.2, 2.2.1, 2.1.1, 2.0, and 1.1.
Which versions of Cisco NX-OS Software are affected by the vulnerability?
The affected versions of Cisco NX-OS Software are 8.1, 7.3, 6.2, 5.2, 3.2, 3.1, 3.0, and prior to 2.2.
How can I fix the Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability?
To fix the vulnerability, update to the recommended software versions provided by Cisco.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/title
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco fx-os
- version/cisco fx-os/2.2.2
- version/cisco fx-os/2.2.1
- version/cisco fx-os/2.1.1
- version/cisco fx-os/2.0
- version/cisco fx-os/1.1
- canonical/cisco nx-os
- version/cisco nx-os/8.1
- version/cisco nx-os/7.3
- version/cisco nx-os/6.2
- version/cisco nx-os/5.2
- version/cisco nx-os/3.2
- version/cisco nx-os/3.1
- version/cisco nx-os/3.0
- version/cisco nx-os/2.5
- version/cisco nx-os/2.2
- version/cisco nx-os/prior to 2.2