Denial of service in Cisco Nexus 9000 Series Fabric Switches
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-1231 |
| CWE-ID | CWE-284 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Nexus 9000 Series Fabric Switches Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper access control
EUVDB-ID: #VU50935
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1231
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in the Link Layer Discovery Protocol (LLDP) implementation for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode. A remote attacker on the local network can send a crafted LLDP packet on an SFP interface of the affected device and disable switching on the SFP interface, which could disrupt network traffic.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNexus 9000 Series Fabric Switches: 14.2.4i
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-lldap-dos-WerV9CFj
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu84570
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
