Nexus 9000 Series Switches Standalone NX-OS Mode Fibre Channel over Ethernet NPV DoS Vulnerability (cisco-sa-20190306-nxos-npv-dos)

high Nessus Plugin ID 138354

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability exists in Fibre Channel over Ethernet N-port Virtualization due to incorrect processing of FCoE packets. An unauthenticated, adjacent attacker can exploit this issue, via sending a stream of FCoE frames, to cause the system to stop responding.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvk44504

See Also

http://www.nessus.org/u?0d825de1

http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-70757

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk44504

Plugin Details

Severity: High

ID: 138354

File Name: cisco-sa-20190306-nxos-npv-dos.nasl

Version: 1.7

Type: combined

Family: CISCO

Published: 7/9/2020

Updated: 3/1/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2019-1617

CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nx-os

Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/6/2019

Vulnerability Publication Date: 3/11/2019

Reference Information

CVE: CVE-2019-1617

BID: 107336