Improper input validation in Cisco NX-OS - CVE-2018-0395

 


Published: October 18, 2018


Vulnerability identifier: #VU15423
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0395
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco NX-OS

Detailed vulnerability description

The vulnerability allows an adjacent unauthenticated attacker to cause a DoS condition on the target system.

The vulnerability exists in the Link Layer Discovery Protocol (LLDP) implementation due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An adjacent attacker can send a specially crafted LLDP packet to an interface and cause the switch to reload unexpectedly.
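As an added illustration of the kind of TLV validation the description refers to (this is not Cisco's code and does not reproduce the specific flaw, which the advisory does not detail), the following C sketch walks an LLDPDU and rejects any TLV whose declared length does not fit the frame. It assumes the IEEE 802.1AB layout of a 7-bit type and 9-bit length; the function name, result codes, sample bytes and the requirement for an End of LLDPDU TLV are choices made for this example.

```c
#include <stddef.h>
#include <stdint.h>
enum lldp_result { LLDP_OK, LLDP_TRUNCATED, LLDP_BAD_LENGTH, LLDP_BAD_ORDER, LLDP_NO_END };

/* Walk the TLVs of an LLDPDU (the bytes after the Ethernet header) and reject
 * any TLV whose declared length does not fit the remaining buffer or the
 * range expected for the three leading mandatory TLVs. Never reads past len. */
enum lldp_result lldp_validate(const uint8_t *p, size_t len)
{
    size_t off = 0;
    unsigned index = 0;                       /* ordinal of the current TLV */

    while (off < len) {
        if (len - off < 2)
            return LLDP_TRUNCATED;            /* partial 2-byte TLV header */
        unsigned type = p[off] >> 1;          /* upper 7 bits */
        size_t tlv_len = ((size_t)(p[off] & 1u) << 8) | p[off + 1]; /* 9 bits */
        off += 2;
        if (tlv_len > len - off)
            return LLDP_TRUNCATED;            /* value overruns the frame */
        /* Chassis ID (1), Port ID (2), TTL (3) come first, once each. */
        if (index < 3 ? type != index + 1 : (type >= 1 && type <= 3))
            return LLDP_BAD_ORDER;

        switch (type) {
        case 0:                               /* End of LLDPDU: empty value */
            return tlv_len == 0 ? LLDP_OK : LLDP_BAD_LENGTH;
        case 1: case 2:                       /* subtype byte + 1..255 ID bytes */
            if (tlv_len < 2 || tlv_len > 256) return LLDP_BAD_LENGTH;
            break;
        case 3:                               /* 16-bit TTL in seconds */
            if (tlv_len != 2) return LLDP_BAD_LENGTH;
            break;
        }
        off += tlv_len;                       /* safe: bounded by the check above */
        index++;
    }
    return LLDP_NO_END;                       /* policy assumption: End TLV required */
}

/* Constructed samples (not captured traffic); sample_bad's Port ID TLV claims 200 bytes. */
static const uint8_t sample_ok[]  = {0x02,0x03,0x07,'s','w', 0x04,0x03,0x07,'e','1',
                                     0x06,0x02,0x00,0x78, 0x00,0x00};
static const uint8_t sample_bad[] = {0x02,0x03,0x07,'s','w', 0x04,0xC8,0x07,'e','1'};

int main(void) {   /* exit status 0 when both samples classify as expected */
    return !(lldp_validate(sample_ok, sizeof sample_ok) == LLDP_OK &&
             lldp_validate(sample_bad, sizeof sample_bad) == LLDP_TRUNCATED);
}
```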


How to mitigate CVE-2018-0395

Install the update from the vendor's website.
