—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution Vulnerability

Advisory ID: cisco-sa-20180620-fxnxos-dos

Revision: 1.0

For Public Release: 2018 June 20 16:00 GMT

Last Updated: 2018 June 20 16:00 GMT

CVE ID(s): CVE-2018-0303

CVSS Score v(3): 7.5 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary

=======

A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device.

The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2 adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos”]

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection [“https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770”].

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbKnqbXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczHtgQAJsh2zYdwi5+gAsS0T/Fui33SNqv
E3c+R42beYSD/MrQG6IK3ukaVcQ5pqRHHg/osM7lYaVMkn5IKv+sAhWu8oSlmzOs
QWjS8v/7wtPYTPtCPr8KX15Ahd/fh+hLxi1QpTu9Zpb0G0lvoTZSSgwZQSwAzE2/
9skOThLYAan82rN3AyExgauJ2xcc7EXiMx3xxxSYGaYozCTqaCbIYS/ImehSKNmn
0CGvsZYj1j8gP+7X8MIcp1XBpZLnVbc09QxHUFCAEIFS8r27TFP9NTHVFgHDN0A2
uWHiHuCZC/JmAQFz5DfQ/golx0kh0sXFDo3BfPfo0JChiKJx1PniVU7gjv1+Uzxh
XAh+AyI2Bqhy5RZ4GuPekDNUTK+YOQt+cwgBA9P+ReUPsW02XY9r0V+aPS5gaZi4
jDZD78z9csYTampZmiyVfilS3wtN9iMHuSkzhzgTM0adwtuAWY5wdAAzQJFKYMw8
6Tjq6CR+i56js6jF/thNyv5+oGlg+iJW2Ukfcwdgsy1k8VXmS8rnlZ3d0TH96WbQ
i+7vyVNCV3TeOHPtLWyS0gUh261Lgl3y1tw+63EGgGjw2ieQsWUc6R98Khb5E6So
6idHKGkl6NAHbEZNK4B/NhA+i2eQdA07mWs1Vx2VjX3rncy3aLosgSjeOdx2685v
JyYGiz354hgwfbst
=M7Xv
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com