cisco-sa-20190306-nx-os-lan-auth: Cisco NX-OS Software 802.1X Extensible Authentication Protocol over LAN Denial of Service Vulnerability
First published: Wed Mar 06 2019(Updated: )
A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. A successful exploit could allow the attacker to cause the Layer 2 (L2) forwarding process to restart multiple times, leading to a system-level restart of the device and a DoS condition. Note: This vulnerability affects only NX-OS devices configured with 802.1X functionality. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-lan-auth
Credit: This vulnerability was found during the resolution a Cisco TAC support case
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco NX-OS | =5.2<5.2(1)SV3(1.4b) 5.2(1)SV3(4.1)=Prior to 5.2<5.2(1)SV3(1.4b) | 5.2(1)SV3(1.4b)
5.2(1)SV3(4.1) 5.2(1)SV3(1.4b) |
| Cisco NX-OS | ||
| Cisco NX-OS | =7.1<7.1(5)N1(1b)=7.0<7.1(5)N1(1b)=6.0<7.1(5)N1(1b)=5.2<7.1(5)N1(1b)=Prior to 5.2<7.1(5)N1(1b) | 7.1(5)N1(1b) 7.1(5)N1(1b) 7.1(5)N1(1b) 7.1(5)N1(1b) 7.1(5)N1(1b) |
| Cisco NX-OS | =6.2<6.2(20a) | 6.2(20a) |
| Cisco NX-OS | =13.2<13.2(1l)=13.1<13.2(1l)=Prior to 13.1<13.2(1l) | 13.2(1l) 13.2(1l) 13.2(1l) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-20190306-nx-os-lan-auth?
The severity of cisco-sa-20190306-nx-os-lan-auth is rated as high due to its potential for causing a denial of service condition.
How do I fix cisco-sa-20190306-nx-os-lan-auth?
To fix cisco-sa-20190306-nx-os-lan-auth, upgrade to a Cisco NX-OS Software version that is not affected, such as 6.2(20a) or 13.2(1l).
Which devices are affected by cisco-sa-20190306-nx-os-lan-auth?
Devices running affected versions of Cisco NX-OS Software, including versions 5.2, 6.0, 7.0, and 7.1 prior to 7.1(5)N1(1b), are vulnerable.
Is there any workaround for cisco-sa-20190306-nx-os-lan-auth?
Currently, no specific workarounds have been published for mitigating cisco-sa-20190306-nx-os-lan-auth.
What protocols are affected by cisco-sa-20190306-nx-os-lan-auth?
The vulnerability relates to the 802.1X implementation and Extensible Authentication Protocol in Cisco NX-OS Software.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/title
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco nx-os
- version/cisco nx-os/5.2
- version/cisco nx-os/prior to 5.2
- version/cisco nx-os/7.1
- version/cisco nx-os/7.0
- version/cisco nx-os/6.0
- version/cisco nx-os/6.2
- version/cisco nx-os/13.2
- version/cisco nx-os/13.1
- version/cisco nx-os/prior to 13.1