Cisco NX-OS Software Netstack DoS (cisco-sa-20190306-nxos-netstack)

high Nessus Plugin ID 134948

Synopsis

The remote device is missing a vendor-supplied security patch

Description

A denial of service (DoS) vulnerability exists in Cisco NX-OS Software due to allocating and freeing memory buffers in the network stack. An unauthenticated, remote attacker can exploit this issue by sending crafted TCP streams to an affected device in a sustained way. If the attacker is succesful then this will result in the network stack running out of available buffers, thus impairing operations of the control plane and management plane protocols.

Please see the included Cisco BIDs and Cisco Security Advisory for more information

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvi92332

See Also

http://www.nessus.org/u?afa8810a

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk55013

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm53108

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm53112

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm53113

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm53114

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm53115

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm53116

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm53125

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm53128

Plugin Details

Severity: High

ID: 134948

File Name: cisco-sa-20190306-nxos-netstack.nasl

Version: 1.4

Type: combined

Family: CISCO

Published: 3/27/2020

Updated: 3/31/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2019-1599

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nx-os

Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device

Exploit Ease: No known exploits are available

Patch Publication Date: 3/6/2019

Vulnerability Publication Date: 3/6/2019

Reference Information

CVE: CVE-2019-1599