First published: Wed Mar 06 2019
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nexus-fbr-dos
Credit: This vulnerability was found during the resolution of a Cisco TAC support case.
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco NX-OS Software | =7.1 <7.1(5)N1(1b) | 7.1(5)N1(1b) |
Cisco NX-OS Software | =7.0 <7.1(5)N1(1b) | 7.1(5)N1(1b) |
Cisco NX-OS Software | =6.0 <7.1(5)N1(1b) | 7.1(5)N1(1b) |
The vulnerability ID for this Cisco Nexus vulnerability is cisco-sa-20190306-nexus-fbr-dos.
The title of this vulnerability is 'Cisco Nexus 5600 and 6000 Series Switches Fibre Channel over Ethernet Denial of Service Vulnerability'.
The severity rating of this vulnerability is 7.4 (High).
The affected software for this vulnerability is Cisco NX-OS Software version 7.1(5)N1(1b).
An unauthenticated, adjacent attacker can exploit this vulnerability by submitting a crafted FCoE packet that crosses affected interfaces, causing a denial of service (DoS) condition on the affected device.