Cisco FXOS, NX-OS, and UCS Manager Software Cisco Discovery Protocol DoS (cisco-sa-20180620-nxos-cdp)

medium Nessus Plugin ID 138349


The remote device is missing a vendor-supplied security patch


According to its self-reported version, Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability exists in Cisco Discovery Protocol due to failure to properly validate certain fields within a Cisco Discovery Protocol message. An unauthenticated, adjacent attacker can exploit this issue, via submiting a Cisco Discovery Protocol message, to cause the system to stop responding.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.


Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvc89242, CSCve40943, CSCve40953, CSCve40965, CSCve40970, CSCve40978, CSCve40992, CSCve41000, CSCve41007

See Also

Plugin Details

Severity: Medium

ID: 138349

File Name: cisco-sa-20180620-nxos-cdp-fxos.nasl

Version: 1.6

Type: combined

Family: CISCO

Published: 7/9/2020

Updated: 5/20/2021

Risk Information


Risk Factor: Low

Score: 3.6


Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.5

Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2018-0331


Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:fxos

Required KB Items: installed_sw/FXOS

Exploit Ease: No known exploits are available

Patch Publication Date: 6/20/2018

Vulnerability Publication Date: 6/21/2018

Reference Information

CVE: CVE-2018-0331