#VU50935 Improper access control in Nexus 9000 Series Fabric Switches - CVE-2021-1231
Published: February 24, 2021
Vulnerability identifier: #VU50935
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1231
CWE-ID: CWE-284
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Nexus 9000 Series Fabric Switches
Nexus 9000 Series Fabric Switches
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to gain unauthorized access to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in the Link Layer Discovery Protocol (LLDP) implementation for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode. A remote attacker on the local network can send a crafted LLDP packet on an SFP interface of the affected device and disable switching on the SFP interface, which could disrupt network traffic.
Remediation
Install updates from vendor's website.