Multiple vulnerabilities in Cisco NX-OS Software

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU20483

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-1969

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform SNMP polling of an affected device.

The vulnerability exists in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. A remote attacker can perform SNMP polling of an affected device that should have been denied. The attacker has no control of the configuration of the SNMP ACL name.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco NX-OS: 7.0.3 I4 1 - 9.2

CPE2.3

• cpe:2.3:o:cisco_systems:cisco_nx-os:7.0.3 I4 1:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_nx-os:7.0.3 I7:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_nx-os:9.2:*:*:*:*:*:*:*

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-snmp-bypass

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU20539

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-1963

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of Abstract Syntax Notation One (ASN.1)-encoded variables in SNMP packets. A remote authenticated attacker can send a specially crafted SNMP packet to the SNMP daemon and cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.

This vulnerability affects the following products if they have SNMP configured and they are running a vulnerable release of Cisco FXOS or NX-OS Software:

• Firepower 4100 Series
• Firepower 9300 Security Appliances
• MDS 9000 Series Multilayer Switches
• Nexus 1000 Virtual Edge for VMware vSphere
• Nexus 1000V Switch for Microsoft Hyper-V
• Nexus 1000V Switch for VMware vSphere
• Nexus 3000 Series Switches
• Nexus 3500 Platform Switches
• Nexus 3600 Platform Switches
• Nexus 5500 Platform Switches
• Nexus 5600 Platform Switches
• Nexus 6000 Series Switches
• Nexus 7000 Series Switches
• Nexus 7700 Series Switches
• Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
• Nexus 9000 Series Switches in standalone NX-OS mode
• Nexus 9500 R-Series Switching Platform
• UCS 6200 Series Fabric Interconnects
• UCS 6300 Series Fabric Interconnects
• UCS 6400 Series Fabric Interconnects

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco NX-OS: 5.2 - 14.1

Cisco FXOS: 2.2 - 2.4

CPE2.3

• cpe:2.3:o:cisco_systems:cisco_nx-os:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_nx-os:6.2:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_nx-os:7.0.3 F:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_fxos:*:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_fxos:2.2:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_fxos:2.3:*:*:*:*:*:*:*

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU20496

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-1977

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input due to improper endpoint learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on a border leaf when "Disable Remote Endpoint Learning" has been enabled. A remote attacker can cause a denial of service (DoS) condition on an endpoint device in certain circumstances.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Nexus 9332PQ Switch: All versions

Cisco Nexus 9508 Switch: All versions

Cisco Nexus 9372TX-E Switch: All versions

Cisco Nexus 93108TC-EX Switch: All versions

Cisco Nexus 9504 Switch: All versions

Cisco Nexus 93120TX Switch: All versions

Cisco Nexus 93108TC-FX Switch: All versions

Cisco Nexus 9396TX Switch: All versions

Cisco Nexus 9396PX Switch: All versions

Cisco Nexus 9516 Switch: All versions

Cisco Nexus 9000 Series Switches in ACI Mode: All versions

Cisco NX-OS: 12.3.1h - 13.1.2p

Cisco Nexus 9372PX-E Switch: All versions

Cisco Nexus 9348GC-FXP Switch: All versions

Cisco Nexus 93180YC-EX Switch: All versions

Cisco Nexus 93128TX Switch: All versions

Cisco Nexus 93180YC-FX Switch: All versions

Cisco Nexus 9364C Switch: All versions

Cisco Nexus 9372PX Switch: All versions

Cisco Nexus 93180LC-EX Switch: All versions

Cisco Nexus 9336PQ ACI Spine Switch: All versions

Cisco Nexus 9372TX Switch: All versions

Cisco Nexus 9336C-FX2 Switch: All versions

CPE2.3

• cpe:2.3:h:cisco_systems:cisco_nexus_9332pq_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_9508_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_9372tx-e_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_93108tc-ex_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_9504_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_93120tx_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_93108tc-fx_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_9396tx_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_9396px_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_9516_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_9000_series_switches_in_aci_mode:*:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_nx-os:12.3.1h:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_9372px-e_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_9348gc-fxp_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_93180yc-ex_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_93128tx_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_93180yc-fx_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_9364c_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_9372px_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_93180lc-ex_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_9336pq_aci_spine_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_9372tx_switch:*:*:*:*:*:*:*:*
• cpe:2.3:h:cisco_systems:cisco_nexus_9336c-fx2_switch:*:*:*:*:*:*:*:*

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nexus-aci-dos

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource exhaustion

EUVDB-ID: #VU20491

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-1965

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause unexpected system behaviors and crashes.

The vulnerability exists in the Virtual Shell (VSH) session management due to the VSH process not being properly deleted when a remote management connection to the device is disconnected. A remote authenticated attacker can repeatedly perform a remote management connection to the device and terminate the connection in an unexpected manner and cause the VSH processes to fail to delete, which can lead to a system-wide denial of service (DoS) condition.

This vulnerability affects the following products that are running a Cisco NX-OS Software:

• MDS 9000 Series Multilayer Switches
• Nexus 3000 Series Switches
• Nexus 3500 Platform Switches
• Nexus 3600 Platform Switches
• Nexus 5500 Platform Switches
• Nexus 5600 Platform Switches
• Nexus 6000 Series Switches
• Nexus 7000 Series Switches
• Nexus 7700 Series Switches
• Nexus 9000 Series Switches in standalone NX-OS mode
• Nexus 9500 R-Series Switching Platform
• UCS 6200 Series Fabric Interconnects
• UCS 6300 Series Fabric Interconnects

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco NX-OS: 3.2 - 8.3

CPE2.3

• cpe:2.3:o:cisco_systems:cisco_nx-os:3.2:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_nx-os:4.0:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_nx-os:5.2:*:*:*:*:*:*:*

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU20489

Risk: High

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-1964

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause an unexpected restart of the netstack process on an affected device.

The vulnerability exists due to improper validation of IPv6 traffic sent through an affected device. A remote attacker can send a malformed IPv6 packet through an affected device, cause a denial of service (DoS) condition while the netstack process restarts. A sustained attack could lead to a reboot of the device.

This vulnerability affects the following products that are running a Cisco NX-OS Software:

• Nexus 7000 Series Switches
• Nexus 7700 Series Switches

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco NX-OS: 8.1 - 8.3

CPE2.3

• cpe:2.3:o:cisco_systems:cisco_nx-os:8.1:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_nx-os:8.2:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_nx-os:8.3:*:*:*:*:*:*:*

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU20488

Risk: High

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-1962

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of TCP packets when processed by the Cisco Fabric Services over IP (CFSoIP) feature. A remote attacker can send a malicious Cisco Fabric Services TCP packet, cause process crashes, resulting in a device reload and a DoS condition.

This vulnerability affects the following products that are running a Cisco NX-OS Software with CFSoIP enabled:

• MDS 9000 Series Multilayer Switches
• Nexus 3000 Series Switches
• Nexus 3500 Platform Switches
• Nexus 3600 Platform Switches
• Nexus 5500 Platform Switches
• Nexus 5600 Platform Switches
• Nexus 6000 Series Switches
• Nexus 7000 Series Switches
• Nexus 7700 Series Switches
• Nexus 9000 Series Switches in standalone NX-OS mode
• Nexus 9500 R-Series Switching Platform
• UCS 6200 Series Fabric Interconnects
• UCS 6300 Series Fabric Interconnects

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco NX-OS: 3.2 - 7.3

CPE2.3

• cpe:2.3:o:cisco_systems:cisco_nx-os:3.2:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_nx-os:4.0:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_nx-os:5.2:*:*:*:*:*:*:*

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU20487

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-1968

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a system process to unexpectedly restart.

The vulnerability exists due to incorrect validation of the HTTP header of a request that is sent to the NX-API feature. A remote attacker can send a specially crafted HTTP request to the NX-API and cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco NX-OS: 6.0.2 U4 - 9.2

CPE2.3

• cpe:2.3:o:cisco_systems:cisco_nx-os:6.0.2 U4:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_nx-os:6.0.2 U5:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_nx-os:6.0.2 U6:*:*:*:*:*:*:*

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management error

EUVDB-ID: #VU20486

Risk: High

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-1967

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the Network Time Protocol (NTP) feature due to excessive use of system resources when logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. A remote attacker can flood the device with a steady stream of Mode 7 NTP packets and cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco NX-OS: 6.0.2 U6 - 9.2

CPE2.3

• cpe:2.3:o:cisco_systems:cisco_nx-os:6.0.2 U6:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_nx-os:6.0.2 A8:*:*:*:*:*:*:*
• cpe:2.3:o:cisco_systems:cisco_nx-os:6.2:*:*:*:*:*:*:*

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ntp-dos

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.