cisco-sa-20190306-nxos-netstack: Cisco NX-OS Software Netstack Denial of Service Vulnerability
First published: Wed Mar 06 2019(Updated: )
A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to an issue with allocating and freeing memory buffers in the network stack. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device in a sustained way. A successful exploit could cause the network stack of an affected device to run out of available buffers, impairing operations of control plane and management plane protocols, resulting in a DoS condition. Note: This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-netstack
Credit: Tim April AkamaiTrevers Astheimer AkamaiAaron Block AkamaiJohn-Nicholas Furst Akamai AkamaiEric Kloster Akamai
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco NX-OS | ||
| Cisco NX-OS | =5.2<5.2(1)SV3(4.1a)=Prior to 5.2<5.2(1)SV3(4.1a) | 5.2(1)SV3(4.1a) 5.2(1)SV3(4.1a) |
| Cisco NX-OS | =6.0(2)A8<6.0(2)A8(11)=Prior to 6.0(2)A8<6.0(2)A8(11) | 6.0(2)A8(11) 6.0(2)A8(11) |
| Cisco NX-OS | =7.1<7.1(5)N1(1b)=7.0<7.1(5)N1(1b)=6.0<7.1(5)N1(1b)=5.2<7.1(5)N1(1b)=Prior to 5.2<7.1(5)N1(1b) | 7.1(5)N1(1b) 7.1(5)N1(1b) 7.1(5)N1(1b) 7.1(5)N1(1b) 7.1(5)N1(1b) |
| Cisco NX-OS | =6.2<6.2(22)=Prior to 6.2<6.2(22) | 6.2(22) 6.2(22) |
| Cisco NX-OS | =4.0<4.0(2a)=3.2<3.2(3j)=3.1<3.2(3j)=Prior to 3.1<3.2(3j) | 4.0(2a) 3.2(3j) 3.2(3j) 3.2(3j) |
| Cisco NX-OS | =4.0<4.0(2a) | 4.0(2a) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Cisco NX-OS Software vulnerability?
The vulnerability ID is cisco-sa-20190306-nxos-netstack.
What is the severity level of vulnerability cisco-sa-20190306-nxos-netstack?
The severity level of vulnerability cisco-sa-20190306-nxos-netstack is high.
How does this vulnerability affect Cisco NX-OS Software?
This vulnerability can cause a denial of service (DoS) condition on the affected devices running Cisco NX-OS Software.
How can an attacker exploit vulnerability cisco-sa-20190306-nxos-netstack?
An unauthenticated, remote attacker can exploit this vulnerability by causing the affected device to enter a DoS condition.
Where can I find more information about vulnerability cisco-sa-20190306-nxos-netstack?
You can find more information about vulnerability cisco-sa-20190306-nxos-netstack at the following link: [Cisco Security Advisory](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-netstack)
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/title
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/cisco-advisory
- source/Cisco
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco nx-os
- version/cisco nx-os/5.2
- version/cisco nx-os/prior to 5.2
- version/cisco nx-os/6.0(2)a8
- version/cisco nx-os/prior to 6.0(2)a8
- version/cisco nx-os/7.1
- version/cisco nx-os/7.0
- version/cisco nx-os/6.0
- version/cisco nx-os/6.2
- version/cisco nx-os/prior to 6.2
- version/cisco nx-os/4.0
- version/cisco nx-os/3.2
- version/cisco nx-os/3.1
- version/cisco nx-os/prior to 3.1