8.6
CWE
399
Advisory Published

cisco-sa-nxos-bfd-dos-wGQXrzxn: Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability

First published: Wed Feb 23 2022(Updated: )

A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker could exploit this vulnerability by sending a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. BFD session flaps can cause route instability and dropped traffic, resulting in a denial of service (DoS) condition. This vulnerability applies to both IPv4 and IPv6 traffic. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn This advisory is part of the February 2022 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2022 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

Credit: This vulnerability was found during the resolution a Cisco TAC support case

Affected SoftwareAffected VersionHow to fix
Cisco NX-OS Software=10.2(2)<Nexus 9500 Series Switches2=9.3(8)<Nexus 9500 Series Switches1=7.0(3)I7(10)<Nexus 9500 Series Switches1
Nexus 9500 Series Switches2
Nexus 9500 Series Switches1
Nexus 9500 Series Switches1

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

  • What is the vulnerability ID for this Cisco Nexus 9000 Series Switches vulnerability?

    The vulnerability ID for this Cisco Nexus 9000 Series Switches vulnerability is cisco-sa-nxos-bfd-dos-wGQXrzxn.

  • What is the title of this vulnerability?

    The title of this vulnerability is Cisco Nexus 9000 Series Switches Bidirectional Forwarding Detection Denial of Service Vulnerability.

  • What is the severity of this vulnerability?

    The severity of this vulnerability is high with a CVSS score of 8.6.

  • How does this vulnerability affect Cisco Nexus 9000 Series Switches?

    This vulnerability affects Cisco Nexus 9000 Series Switches running Cisco NX-OS Software versions 7.0(3)I7(10), 9.3(8), and 10.2(2).

  • Is authentication required for exploitation?

    No, authentication is not required for exploitation of this vulnerability.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203