First published: Wed Feb 26 2020
A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device.

Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-nxos-cdp

Credit: This vulnerability was found during the resolution of a Cisco TAC support case.
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco FX-OS | =2.7 <2.7.1.106; >=2.4 <=2.6 <2.6.1.187; >=Earlier than 2.2 =2.2 <=2.3 <2.3.1.179 | 2.7.1.106, 2.6.1.187, 2.3.1.179 |
Cisco Unified Computing System (UCS) | =4.0 <4.0(4g); >=Earlier than 3.2 <=3.2 <3.2(3n) | 4.0(4g), 3.2(3n) |
The vulnerability ID is cisco-sa-20200226-fxos-nxos-cdp.
The severity level of cisco-sa-20200226-fxos-nxos-cdp is high (8.8).
An attacker can exploit cisco-sa-20200226-fxos-nxos-cdp by sending specially crafted Cisco Discovery Protocol messages to a vulnerable device.
The impact of cisco-sa-20200226-fxos-nxos-cdp is that an attacker can execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device.
To fix cisco-sa-20200226-fxos-nxos-cdp, users should upgrade to a fixed software release as indicated in the Cisco Security Advisory.
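The following is an added example, not code from Cisco or from this page: a release checker that takes a version string reported by a device and returns whether it falls below the first fixed release for its train. The train ranges are one reading of the table above, and the function names and sample release strings are assumptions made for illustration.

```python
import re

# Affected trains and first fixed releases, as read from the advisory table above.
# Entry: (lowest affected train, or None for "earlier than"; highest affected train; fix).
FXOS_FIXES = [(None, (2, 3), "2.3.1.179"),
              ((2, 4), (2, 6), "2.6.1.187"),
              ((2, 7), (2, 7), "2.7.1.106")]
UCS_FIXES = [(None, (3, 2), "3.2(3n)"),
             ((4, 0), (4, 0), "4.0(4g)")]

def parse_fxos(version):
    """'2.6.1.187' -> (2, 6, 1, 187)."""
    version = version.strip()
    if not re.fullmatch(r"\d+(?:\.\d+){1,3}", version):
        raise ValueError(f"not an FXOS release string: {version!r}")
    return tuple(int(part) for part in version.split("."))

def parse_ucs(version):
    """'4.0(4g)' -> (4, 0, 4, 'g'); the letter orders builds within a patch level."""
    m = re.fullmatch(r"(\d+)\.(\d+)\((\d+)([a-z]*)\)", version.strip())
    if not m:
        raise ValueError(f"not a UCS release string: {version!r}")
    return int(m[1]), int(m[2]), int(m[3]), m[4]

def _check(version, parse, fixes):
    """Return (affected, first_fixed_release) for one release string."""
    v = parse(version)
    train = v[:2]
    for low, high, fix in fixes:
        if (low is None or train >= low) and train <= high:
            return v < parse(fix), fix
    return None, None  # train not listed in the table: no verdict

def check_fxos(version):
    return _check(version, parse_fxos, FXOS_FIXES)

def check_ucs(version):
    return _check(version, parse_ucs, UCS_FIXES)

if __name__ == "__main__":
    # Constructed sample release strings, not taken from real devices.
    samples = [("FXOS", check_fxos, "2.6.1.131"), ("FXOS", check_fxos, "2.3.1.179"),
               ("FXOS", check_fxos, "2.8.1.105"), ("UCS", check_ucs, "4.0(4e)")]
    for product, check, release in samples:
        affected, fix = check(release)
        print(f"{product} {release}: affected={affected} first_fixed={fix}")
```

A result of `(None, None)` means the train does not appear in the table, so the Cisco advisory itself is the authority for that release.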