First published: Wed Feb 05 2020
A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.

The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload.

Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos
Credit: Barak Hadad Armis
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco FXOS Software | =2.7 <2.7.1.106; =2.6 <2.6.1.187; =2.4 <Release no. TBD (May 2020); >=Earlier than 2.2 =2.2 <=2.3 <2.3.1.173 | 2.7.1.106; 2.6.1.187; Release no. TBD (May 2020); 2.3.1.173 |
Cisco IOS XR Software | >=Earlier than 6.6 =6.6 <=7.0 <7.0.2 (Mar 2020) or appropriate SMU | 7.0.2 (Mar 2020) or appropriate SMU |
Cisco IOS XR Software | =7.0.1 <NCS540L; >=6.6.12 <=6.6.25 <NCS560; =XRV9K <xrv9k-6.5.3.CSCvr78185; =NCS5500 <ncs5500-6.5.3.CSCvr78185; =NCS5K <ncs5k-6.5.3.CSCvr78185; =NCS560 <ncs560-6.6.25.CSCvr78185; =NCS540 <ncs540-6.5.3.CSCvr78185; =ASR9K-X64 <asr9k-x64-6.5.3.CSCvr78185; =6.5.3 <ASR9K-PX; =CRS-PX <hfr-px-6.4.2.CSCvr78185; =6.4.2 <ASR9K-PX; =5.2.5 <NCS6K | NCS540L; NCS560; xrv9k-6.5.3.CSCvr78185; ncs5500-6.5.3.CSCvr78185; ncs5k-6.5.3.CSCvr78185; ncs560-6.6.25.CSCvr78185; ncs540-6.5.3.CSCvr78185; asr9k-x64-6.5.3.CSCvr78185; ASR9K-PX; hfr-px-6.4.2.CSCvr78185; ASR9K-PX; NCS6K |
Cisco NX-OS Software | =8.4 <8.4(1a); =8.3 <8.4(1a); =8.2 <8.4(1a); =8.1 <8.4(1a); =7.3 <8.4(1a); =6.2 <6.2(29); =5.2 <6.2(29) | 8.4(1a); 8.4(1a); 8.4(1a); 8.4(1a); 8.4(1a); 6.2(29); 6.2(29) |
Cisco NX-OS Software | =5.2 <5.2(1)SV3(4.1b); =Earlier than 5.2 <5.2(1)SV3(4.1b) | 5.2(1)SV3(4.1b); 5.2(1)SV3(4.1b) |
Cisco NX-OS Software | =7.0(3)I <7.0(3)I7(8) (Feb 2020) or appropriate SMU1; =Earlier than 7.0(3)I <7.0(3)I7(8) (Feb 2020) or appropriate SMU1 | 7.0(3)I7(8) (Feb 2020) or appropriate SMU1; 7.0(3)I7(8) (Feb 2020) or appropriate SMU1 |
Cisco NX-OS Software | =8.4 <8.4(2) (Mar 2020) or appropriate SMU1; >=7.2 =7.3 =8.0 =8.1 =8.2 <=8.3 <8.4(2) (Mar 2020) or appropriate SMU1; =6.2 <6.2(24); =Earlier than 6.2 <6.2(24) | 8.4(2) (Mar 2020) or appropriate SMU1; 8.4(2) (Mar 2020) or appropriate SMU1; 6.2(24); 6.2(24) |
Cisco NX-OS Software | =14.2 <14.2(1j); =14.1 <14.2(1j); =14.0 <14.2(1j); =13.2 <13.2(9b); =13.1 <13.2(9b); >=.1 <13 <13.2(9b) | 14.2(1j); 14.2(1j); 14.2(1j); 13.2(9b); 13.2(9b); 13.2(9b) |
Cisco UCS Software | =4.0 <4.0(4g); =3.2 <3.2(3n); =Earlier than 3.2 <3.2(3n) | 4.0(4g); 3.2(3n); 3.2(3n) |
The vulnerability ID is cisco-sa-20200205-fxnxos-iosxr-cdp-dos.
The title of the vulnerability is Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability.
The severity of cisco-sa-20200205-fxnxos-iosxr-cdp-dos is high with a severity value of 7.4.
The following software is affected by cisco-sa-20200205-fxnxos-iosxr-cdp-dos: Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software.
To fix cisco-sa-20200205-fxnxos-iosxr-cdp-dos, apply the appropriate software version or update provided by Cisco.