#VU20496 Input validation error in Cisco Systems, Inc products - CVE-2019-1977

Vulnerability identifier: #VU20496

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-1977

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco Nexus 9332PQ Switch
Cisco Nexus 9508 Switch
Cisco Nexus 9372TX-E Switch
Cisco Nexus 93108TC-EX Switch
Cisco Nexus 9504 Switch
Cisco Nexus 93120TX Switch
Cisco Nexus 93108TC-FX Switch
Cisco Nexus 9396TX Switch
Cisco Nexus 9396PX Switch
Cisco Nexus 9516 Switch
Cisco Nexus 9000 Series Switches in ACI Mode
Cisco Nexus 9372PX-E Switch
Cisco Nexus 9348GC-FXP Switch
Cisco Nexus 93180YC-EX Switch
Cisco Nexus 93128TX Switch
Cisco Nexus 93180YC-FX Switch
Cisco Nexus 9364C Switch
Cisco Nexus 9372PX Switch
Cisco Nexus 93180LC-EX Switch
Cisco Nexus 9336PQ ACI Spine Switch
Cisco Nexus 9372TX Switch
Cisco Nexus 9336C-FX2 Switch
Cisco NX-OS

Software vendor:
Cisco Systems, Inc

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input due to improper endpoint learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on a border leaf when "Disable Remote Endpoint Learning" has been enabled. A remote attacker can cause a denial of service (DoS) condition on an endpoint device in certain circumstances.

Install updates from vendor's website.

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nexus-aci-dos