#VU20487 Input validation error in Cisco NX-OS


Published: 2019-08-30

Vulnerability identifier: #VU20487

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-1968

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco NX-OS
Operating systems & Components / Operating system

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to cause a system process to unexpectedly restart.

The vulnerability exists due to incorrect validation of the HTTP header of a request that is sent to the NX-API feature. A remote attacker can send a specially crafted HTTP request to the NX-API and cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic.

This vulnerability affects the following products that are running a Cisco NX-OS Software and had the NX-API feature enabled:
  • MDS 9000 Series Multilayer Switches
  • Nexus 3000 Series Switches
  • Nexus 3500 Platform Switches
  • Nexus 3600 Platform Switches
  • Nexus 5500 Platform Switches
  • Nexus 5600 Platform Switches
  • Nexus 6000 Series Switches
  • Nexus 7000 Series Switches
  • Nexus 7700 Series Switches
  • Nexus 9000 Series Switches in standalone NX-OS mode
  • Nexus 9500 R-Series Switching Platform

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco NX-OS: 6.0.2 A8 - 9.2

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Cisco NX-OS Software