First published: Wed Mar 06 2019
A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. A successful exploit could allow the attacker to cause the Layer 2 (L2) forwarding process to restart multiple times, leading to a system-level restart of the device and a DoS condition. Note: This vulnerability affects only NX-OS devices configured with 802.1X functionality. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-lan-auth
Credit: This vulnerability was found during the resolution of a Cisco TAC support case.
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco NX-OS Software | 5.2, before 5.2(1)SV3(1.4b) | 5.2(1)SV3(1.4b) |
Cisco NX-OS Software | 5.2(1)SV3(4.1) | 5.2(1)SV3(4.1) |
Cisco NX-OS Software | Prior to 5.2, before 5.2(1)SV3(1.4b) | 5.2(1)SV3(1.4b) |
Cisco NX-OS Software | 7.1, before 7.1(5)N1(1b) | 7.1(5)N1(1b) |
Cisco NX-OS Software | 7.0, before 7.1(5)N1(1b) | 7.1(5)N1(1b) |
Cisco NX-OS Software | 6.0, before 7.1(5)N1(1b) | 7.1(5)N1(1b) |
Cisco NX-OS Software | 5.2, before 7.1(5)N1(1b) | 7.1(5)N1(1b) |
Cisco NX-OS Software | Prior to 5.2, before 7.1(5)N1(1b) | 7.1(5)N1(1b) |
Cisco NX-OS Software | 6.2, before 6.2(20a) | 6.2(20a) |
Cisco NX-OS Software | 13.2, before 13.2(1l) | 13.2(1l) |
Cisco NX-OS Software | 13.1, before 13.2(1l) | 13.2(1l) |
Cisco NX-OS Software | Prior to 13.1, before 13.2(1l) | 13.2(1l) |