Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability

high Nessus Plugin ID 126477

Language:

Synopsis

The remote Cisco device is affected by denial of service (DoS) vulnerability.

Description

According to its self-reported version, the Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability. It exists in Cisco fabric services due to insufficient validation of Cisco fabric service packets. An unauthenticated, remote attacker can exploit this issue, via sending a crafted Cisco fabric services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow, resulting in a DoS condition on the device.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID(s) CSCvh99066 / CSCvj10176 / CSCvj10178 / CSCvj10181 / CSCvj10183.

Plugin Details

Severity: High

ID: 126477

File Name: cisco-sa-20190306-nxos-fabric-dos.nasl

Version: 1.6

Type: combined

Family: CISCO

Published: 7/4/2019

Updated: 5/10/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2019-1616

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nx-os

Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/6/2019

Vulnerability Publication Date: 3/6/2019

Reference Information

CVE: CVE-2019-1616

BID: 107395

CISCO-SA: cisco-sa-20190306-nxos-fabric-dos

CISCO-BUG-ID: CSCvh99066, CSCvj10176, CSCvj10178, CSCvj10181, CSCvj10183

Detections

Analytics