cisco-sa-20181017-fxnx-os-dos: Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability
First published: Wed Oct 17 2018(Updated: )
A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful exploit could allow the attacker to cause the switch to reload unexpectedly. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos
Credit: This vulnerability was found during the resolution a Cisco TAC support case
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco FX-OS | =Prior to 2.3<2.3.1.58 | 2.3.1.58 |
| Cisco NX-OS | ||
| Cisco NX-OS | =6.0(2)<6.0(2)A1(1b)=5.0(3)<6.0(2)A1(1b) | 6.0(2)A1(1b) 6.0(2)A1(1b) |
| Cisco NX-OS | =13.2/3.2<13.2(2l) / 3.2(2l)=Prior to 13.2/3.2<13.2(2l) / 3.2(2l) | 13.2(2l) / 3.2(2l) 13.2(2l) / 3.2(2l) |
| Cisco NX-OS UCS Software | =4.0<4.0(1a)=3.2<3.2(3g)=3.1<3.1(3j)=2.2<2.2(8l)=Prior to 2.2<2.2(8l) | 4.0(1a) 3.2(3g) 3.1(3j) 2.2(8l) 2.2(8l) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco vulnerability?
The vulnerability ID for this Cisco vulnerability is cisco-sa-20181017-fxnx-os-dos.
What is affected by the Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service vulnerability?
The Cisco FXOS Software and Cisco NX-OS Software are affected by this vulnerability.
How does this vulnerability impact the affected software?
This vulnerability could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is 8.8 (High).
Where can I find more information about this vulnerability?
More information about this vulnerability can be found at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco fx-os
- version/cisco fx-os/prior to 2.3
- canonical/cisco nx-os
- version/cisco nx-os/6.0(2)
- version/cisco nx-os/5.0(3)
- version/cisco nx-os/13.2/3.2
- version/cisco nx-os/prior to 13.2/3.2
- canonical/cisco nx-os ucs software
- version/cisco nx-os ucs software/4.0
- version/cisco nx-os ucs software/3.2
- version/cisco nx-os ucs software/3.1
- version/cisco nx-os ucs software/2.2
- version/cisco nx-os ucs software/prior to 2.2