SB2021022515 - Multiple vulnerabilities in Cisco Nexus 9000 Series Switches in ACI Mode

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper access control (CVE-ID: CVE-2021-1228)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. A remote attacker on the local network can send a specially crafted LLDP packet and make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.

2) Input validation error (CVE-ID: CVE-2021-1230)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an issue with the installation of routes upon receipt of the Border Gateway Protocol (BGP) update. A remote attacker can send a specially crafted BGP update to the affected device and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-unauth-access-5PWzDx2w
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-bgp-De9dPKSK