Main Vulnerability Database Vulnerabilities #VU15423

#VU15423 Improper input validation in Cisco NX-OS - CVE-2018-0395

Published: October 18, 2018

Vulnerability identifier: #VU15423

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0395

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco NX-OS

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows an adjacent unauthenticated attacker to cause DoS condition on the target system.

The vulnerability exists in the Link Layer Discovery Protocol (LLDP) implementation due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An adjacent attacker can send a specially crafted LLDP packet to an interface and cause the switch to reload unexpectedly.

Remediation

Install update from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos

#VU15423 Improper input validation in Cisco NX-OS - CVE-2018-0395

Description

Remediation

External links

Please verify you're human