Detections
Analytics
Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
high Nessus Plugin ID 126477
Language:
Synopsis
The remote Cisco device is affected by denial of service (DoS) vulnerability.Description
According to its self-reported version, the Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability. It exists in Cisco fabric services due to insufficient validation of Cisco fabric service packets. An unauthenticated, remote attacker can exploit this issue, via sending a crafted Cisco fabric services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow, resulting in a DoS condition on the device.Solution
Upgrade to the relevant fixed version referenced in Cisco bug ID(s) CSCvh99066 / CSCvj10176 / CSCvj10178 / CSCvj10181 / CSCvj10183.See Also
http://www.nessus.org/u?c2417bde
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh99066
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj10176
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj10178
Plugin Details
Severity: High
ID: 126477
File Name: cisco-sa-20190306-nxos-fabric-dos.nasl
Version: 1.5
Type: combined
Family: CISCO
Published: 7/4/2019
Updated: 12/20/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.1
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2019-1616
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:cisco:nx-os
Required KB Items: Host/Cisco/NX-OS/Version, Host/Cisco/NX-OS/Model, Host/Cisco/NX-OS/Device
Exploit Ease: No known exploits are available
Patch Publication Date: 3/6/2019
Vulnerability Publication Date: 3/6/2019
Reference Information
CVE: CVE-2019-1616
BID: 107395
CISCO-SA: cisco-sa-20190306-nxos-fabric-dos
CISCO-BUG-ID: CSCvh99066, CSCvj10176, CSCvj10178, CSCvj10181, CSCvj10183