First published: Wed Feb 24 2021
A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could exploit this vulnerability by sending multiple crafted IPv6 packets to an affected device. A successful exploit could cause the network stack to run out of available buffers, impairing operations of control plane and management plane protocols and resulting in a DoS condition. Manual intervention would be required to restore normal operations on the affected device. For more information about the impact of this vulnerability, see the Details section of this advisory.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipv6-netstack-edXPGV7K

This advisory is part of the February 2021 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2021 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

Affected Software | Affected Version | How to fix |
---|---|---|
Cisco UCS Software | =4.1, <4.1(1e) | 4.1(1e) |
Cisco UCS Software | =4.0, <4.0(4k) | 4.0(4k) |
The vulnerability ID is cisco-sa-nxos-ipv6-netstack-edXPGV7K.
The title of this vulnerability is Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability.
The severity of the cisco-sa-nxos-ipv6-netstack-edXPGV7K vulnerability is high, with a severity value of 8.6.
This vulnerability could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
Yes, Cisco has provided a fix for this vulnerability in Cisco UCS Software versions 4.1(1e) and 4.0(4k).
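
The affected and fixed Cisco UCS releases listed above can be checked against a device inventory with a short script. This is an added example, not code from Cisco or from the advisory; the host names are constructed, the ordering rule within a train (maintenance number, then letter suffix) is an assumption, and trains other than 4.0 and 4.1 are reported as not listed because this page gives no data for them.

```python
import re

# First fixed release per train, taken from the table on this page.
FIXED = {(4, 1): "4.1(1e)", (4, 0): "4.0(4k)"}

# Release strings of the form X.Y(Zs), e.g. 4.0(4k).
_RELEASE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)([a-z]*)\)\s*$", re.IGNORECASE)


def parse_release(text):
    """Split 'X.Y(Zs)' into (major, minor, maintenance, suffix)."""
    m = _RELEASE.match(text)
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, maint, suffix = m.groups()
    return int(major), int(minor), int(maint), suffix.lower()


def _order_key(parsed):
    # Assumption: inside one train, releases sort by maintenance number,
    # then by suffix (shorter first, then alphabetical): 4.0(4i) < 4.0(4k).
    _, _, maint, suffix = parsed
    return (maint, len(suffix), suffix)


def classify(release):
    """Return 'affected', 'fixed' or 'not-listed' for one release string."""
    parsed = parse_release(release)
    train = parsed[:2]
    if train not in FIXED:
        return "not-listed"  # this page has no data for the train
    fixed = parse_release(FIXED[train])
    return "affected" if _order_key(parsed) < _order_key(fixed) else "fixed"


def triage(inventory):
    """Map {host: release} to {host: status}."""
    return {host: classify(release) for host, release in inventory.items()}


# Constructed sample inventory (hypothetical host names).
SAMPLE = {"fi-a.example": "4.0(4i)", "fi-b.example": "4.1(1e)",
          "fi-c.example": "3.2(3p)"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {status}")
```

Hosts reported as not-listed still need to be checked against the Cisco advisory itself, since this page only covers the 4.0 and 4.1 trains.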