#VU10107 Denial of service in Cisco NX-OS - CVE-2018-0090
Published: January 19, 2018
Vulnerability identifier: #VU10107
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0090
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco NX-OS
Cisco NX-OS
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to cause DoS on the target system.
The weakness exists in management interface access control list (ACL) configuration of Cisco NX-OS System Software due to a bad code fix in the code train that could allow traffic to the management interface to be misclassified and not match the proper configured ACLs. A remote attacker can send specially crafted traffic to the management interface, bypass the configured management interface ACLs and impact the CPU of the targeted device, resulting in a DoS condition.
The weakness exists in management interface access control list (ACL) configuration of Cisco NX-OS System Software due to a bad code fix in the code train that could allow traffic to the management interface to be misclassified and not match the proper configured ACLs. A remote attacker can send specially crafted traffic to the management interface, bypass the configured management interface ACLs and impact the CPU of the targeted device, resulting in a DoS condition.
Remediation
The vulnerability is fixed in the following versions: 8.2(0)SK(0.170), 8.1(1.4)S0, 7.3(3)N1(1), 7.3(3)N1(0.480), 7.3(3)N1(0.3), 7.3(3)D1(0.4), 7.3(2)D1(2), 7.3(2)D1(1A).