Detections
Analytics

Cisco FXOS, NX-OS, and UCS Manager Software Cisco Discovery Protocol DoS (cisco-sa-20180620-nxos-cdp)

medium Nessus Plugin ID 138350

Language:

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability exists in Cisco Discovery Protocol due to failure to properly validate certain fields within a Cisco Discovery Protocol message. An unauthenticated, adjacent attacker can exploit this issue, via submiting a Cisco Discovery Protocol message, to cause the system to stop responding.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvc89242, CSCve40943, CSCve40953, CSCve40965, CSCve40970, CSCve40978, CSCve40992, CSCve41000, CSCve41007

See Also

http://www.nessus.org/u?31020d41

http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc89242

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve40943

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve40953

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve40965

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve40970

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve40978

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve40992

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve41000

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve41007

Plugin Details

Severity: Medium

ID: 138350

File Name: cisco-sa-20180620-nxos-cdp.nasl

Version: 1.6

Type: combined

Family: CISCO

Published: 7/9/2020

Updated: 5/20/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2018-0331

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nx-os

Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device

Exploit Ease: No known exploits are available

Patch Publication Date: 6/20/2018

Vulnerability Publication Date: 6/21/2018

Reference Information

CVE: CVE-2018-0331