—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode DHCP Version 6 Denial of Service Vulnerability

Advisory ID: cisco-20180718-nexus-9000-dos

Revision: 1.0

For Public Release: 2018 July 18 16:00 GMT

Last Updated: 2018 July 18 16:00 GMT

CVE ID(s): CVE-2018-0372

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary

=======

A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS) condition on an affected system.

The vulnerability is due to improper memory management when DHCPv6 packets are received on an interface of the targeted device. An attacker could exploit this vulnerability by sending a high number of malicious DHCPv6 packets to be processed by an affected device. A successful exploit could allow the attacker to cause the system to run low on memory, which could cause an eventual reboot of an affected device. The vulnerability only applies to IPv6 protocol packets and not for IPv4 protocol packets.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-20180718-nexus-9000-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-20180718-nexus-9000-dos”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbT2bGXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczHtkP/A5arxgAh/uBACT3qonPwQ2YP3WE
mSmE791A92Bt/P/DwEhF6dsekVmWAhdyJ+LKaDDc/AL3LNqNjUInJzXgjtNWVks4
5LsTa1WI9CUkNlrmK++SKWDDrsYPq1GPt14sEyoI41wJnU2Mvgv8k0T467B6E7z+
gO25Tz+/BxruDGV7GX0PVyVMMfVUYUQvZDwsRW1eXFTNDKR89hMBSiDbG3asnj+A
GyhGZDB0XjK7qIQeAkZp8evQmV+vg+cTJNTFiaftcEjYX3pw0Y6J8fKj7PPwMD0s
z1nW+Wi62h+Jx+uJIO1+txHlQD7T0VNLsF0rfBe3sNd1nz6RQxMPPOhUblQkeh0D
J+EIcBdf7vJvaidQ812U0jtbjFSzPZQomhDQjB62QFKhWlS+RL59pXj5pUzcF6cf
q5YjMo3w9kIcFVTFtcF16TlM7Qa4I893ZSzsinocAv2shnGpfY6YF+7CK/3aY3gC
DImLj0YpZ25BLahbB/xgF8V96DAz8GGdmlwAGFw73lqdmrABjtPFziwVUGzoWEva
cXw6zj01U8qnJl0tUe5MUo9mJ5zfcwN0DOYP2/h71P8rjZmsXWxYN5rGLrS8Lr5b
cLXXBKdKZH9qHu81KERLoEmaTjTGVY3Rj4jDQglqyhBMOokKbkugcGHEqA24RjPN
wdksAZuP/OWcm97s
=zdmz
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com