Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities

high Nessus Plugin ID 125391

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco FXOS Software and Cisco NX-OS Software are affected by multiple vulnerabilities which could allow an unauthenticated, remote attacker to cause a denial of service attack (DoS).
The vulnerabilities are due to the improper parsing of LDAP packets by an affected device. An attacker could exploit these vulnerabilities by sending an LDAP packet crafted using Basic Encoding Rules (BER) to an affected device. The LDAP packet must have a source IP address of an LDAP server configured on the targeted device. A successful exploit could cause the affected device to reload, resulting in a DoS condition.

Please see the included Cisco BIDs and Cisco Security Advisory for more information

Solution

Upgrade to the relevant fixed / recommended version referenced in Cisco Security Advisories.

See Also

http://www.nessus.org/u?453a1923

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd40241

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd57308

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve02855

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve02858

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve02865

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve02867

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve02871

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve57816

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve57820

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve58224

Plugin Details

Severity: High

ID: 125391

File Name: cisco-sa-20190306-nxosldap.nasl

Version: 1.7

Type: combined

Family: CISCO

Published: 5/24/2019

Updated: 5/21/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2019-1598

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nx-os

Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device

Exploit Ease: No known exploits are available

Patch Publication Date: 3/6/2018

Vulnerability Publication Date: 3/6/2018

Reference Information

CVE: CVE-2019-1597, CVE-2019-1598

BID: 107394