#VU13444 Improper input validation in Cisco NX-OS - CVE-2018-0331
Published: June 20, 2018 / Updated: June 25, 2018
Vulnerability identifier: #VU13444
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0331
CWE-ID: CWE-20
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Cisco NX-OS
Cisco NX-OS
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The vulnerability exists in the Cisco Discovery Protocol (formerly known as CDP) subsystem due to improper validation of certain fields within a Cisco Discovery Protocol message prior to processing it. An adjacent attacker can submit a Cisco Discovery Protocol message and cause the service to crash.
Remediation
Install update from vendor's website.