#VU10108 Denial of service in Cisco NX-OS - CVE-2018-0102
Published: January 19, 2018
Vulnerability identifier: #VU10108
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0102
CWE-ID: CWE-20
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Cisco NX-OS
Cisco NX-OS
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows an adjacent attacker to cause DoS on the target system.
The weakness exists in the Pong tool of Cisco NX-OS Software due to affected software attempts to free the same area of memory twice. An adjacent attacker can send a pong request to an affected device from a location on the network, trigger the pong reply packet to egress both a FabricPath port and a non-FabricPath port and cause a dual or quad supervisor virtual port-channel (vPC) to reload.
Note: This vulnerability is exploitable only when all of the following are true:
The weakness exists in the Pong tool of Cisco NX-OS Software due to affected software attempts to free the same area of memory twice. An adjacent attacker can send a pong request to an affected device from a location on the network, trigger the pong reply packet to egress both a FabricPath port and a non-FabricPath port and cause a dual or quad supervisor virtual port-channel (vPC) to reload.
Note: This vulnerability is exploitable only when all of the following are true:
- The Pong tool is enabled on an affected device. The Pong tool is disabled in NX-OS by default.
- The FabricPath feature is enabled on an affected device. The FabricPath feature is disabled in NX-OS by default.
- A FabricPath port is actively monitored via a Switched Port Analyzer (SPAN) session. SPAN sessions are not configured or enabled in NX-OS by default.
Remediation
Install update from vendor's website.