BDU:2019-03294

Published: 28 Aug 2019
Source: fstec
CVSS3: 6.8
CVSS2: 5.4
EPSS: Low

Description

A vulnerability in the Endpoint Learning feature of the NX-OS network operating system on Cisco Nexus 9000 Series switches is caused by state management errors. Exploitation of the vulnerability may allow a remote attacker to cause a denial of service.

Vendor

Cisco Systems Inc.

Software name

NX-OS

Software version

12.0.1m (NX-OS)
12.0.2g (NX-OS)
12.0.1n (NX-OS)
12.0.1o (NX-OS)
12.0.1p (NX-OS)
12.0.1q (NX-OS)
12.0.2h (NX-OS)
12.0.2l (NX-OS)
12.0.2m (NX-OS)
12.0.2n (NX-OS)
12.0.2o (NX-OS)
12.0.2f (NX-OS)
12.0.1r (NX-OS)
12.1.1h (NX-OS)
12.1.2e (NX-OS)
12.1.3g (NX-OS)
12.1.4a (NX-OS)
12.1.1i (NX-OS)
12.1.2g (NX-OS)
12.1.2k (NX-OS)
12.1.3h (NX-OS)
12.1.3j (NX-OS)
12.2.1n (NX-OS)
12.2.2e (NX-OS)
12.2.3j (NX-OS)
12.2.4f (NX-OS)
12.2.3p (NX-OS)
12.2.3r (NX-OS)
12.2.3s (NX-OS)
12.2.3t (NX-OS)
12.2.2f (NX-OS)
12.2.2g (NX-OS)
12.2.2i (NX-OS)
12.2.2j (NX-OS)
12.2.2k (NX-OS)
12.2.2q (NX-OS)
12.2.1o (NX-OS)
12.2.1k (NX-OS)
12.3.1e (NX-OS)
12.3.1f (NX-OS)
12.3.1i (NX-OS)
12.3.1l (NX-OS)
12.3.1o (NX-OS)
12.3.1p (NX-OS)
13.0.1k (NX-OS)
13.0.2h (NX-OS)
13.0.2k (NX-OS)
13.0.2n (NX-OS)
13.0.1i (NX-OS)
13.0.2m (NX-OS)
13.1.1i (NX-OS)
13.1.2m (NX-OS)
13.1.2o (NX-OS)
13.1.2p (NX-OS)
13.1.2q (NX-OS)
13.1.2s (NX-OS)
13.1.2t (NX-OS)

Software type

Operating system

Operating systems and hardware platforms

Cisco Systems Inc. NX-OS 12.0.1m
Cisco Systems Inc. NX-OS 12.0.2g
Cisco Systems Inc. NX-OS 12.0.1n
Cisco Systems Inc. NX-OS 12.0.1o
Cisco Systems Inc. NX-OS 12.0.1p
Cisco Systems Inc. NX-OS 12.0.1q
Cisco Systems Inc. NX-OS 12.0.2h
Cisco Systems Inc. NX-OS 12.0.2l
Cisco Systems Inc. NX-OS 12.0.2m
Cisco Systems Inc. NX-OS 12.0.2n
Cisco Systems Inc. NX-OS 12.0.2o
Cisco Systems Inc. NX-OS 12.0.2f
Cisco Systems Inc. NX-OS 12.0.1r
Cisco Systems Inc. NX-OS 12.1.1h
Cisco Systems Inc. NX-OS 12.1.2e
Cisco Systems Inc. NX-OS 12.1.3g
Cisco Systems Inc. NX-OS 12.1.4a
Cisco Systems Inc. NX-OS 12.1.1i
Cisco Systems Inc. NX-OS 12.1.2g
Cisco Systems Inc. NX-OS 12.1.2k
Cisco Systems Inc. NX-OS 12.1.3h
Cisco Systems Inc. NX-OS 12.1.3j
Cisco Systems Inc. NX-OS 12.2.1n
Cisco Systems Inc. NX-OS 12.2.2e
Cisco Systems Inc. NX-OS 12.2.3j
Cisco Systems Inc. NX-OS 12.2.4f
Cisco Systems Inc. NX-OS 12.2.3p
Cisco Systems Inc. NX-OS 12.2.3r
Cisco Systems Inc. NX-OS 12.2.3s
Cisco Systems Inc. NX-OS 12.2.3t
Cisco Systems Inc. NX-OS 12.2.2f
Cisco Systems Inc. NX-OS 12.2.2g
Cisco Systems Inc. NX-OS 12.2.2i
Cisco Systems Inc. NX-OS 12.2.2j
Cisco Systems Inc. NX-OS 12.2.2k
Cisco Systems Inc. NX-OS 12.2.2q
Cisco Systems Inc. NX-OS 12.2.1o
Cisco Systems Inc. NX-OS 12.2.1k
Cisco Systems Inc. NX-OS 12.3.1e
Cisco Systems Inc. NX-OS 12.3.1f
Cisco Systems Inc. NX-OS 12.3.1i
Cisco Systems Inc. NX-OS 12.3.1l
Cisco Systems Inc. NX-OS 12.3.1o
Cisco Systems Inc. NX-OS 12.3.1p
Cisco Systems Inc. NX-OS 13.0.1k
Cisco Systems Inc. NX-OS 13.0.2h
Cisco Systems Inc. NX-OS 13.0.2k
Cisco Systems Inc. NX-OS 13.0.2n
Cisco Systems Inc. NX-OS 13.0.1i
Cisco Systems Inc. NX-OS 13.0.2m
Cisco Systems Inc. NX-OS 13.1.1i
Cisco Systems Inc. NX-OS 13.1.2m
Cisco Systems Inc. NX-OS 13.1.2o
Cisco Systems Inc. NX-OS 13.1.2p
Cisco Systems Inc. NX-OS 13.1.2q
Cisco Systems Inc. NX-OS 13.1.2s
Cisco Systems Inc. NX-OS 13.1.2t

Vulnerability severity level

Medium severity (CVSS 2.0 base score is 5.4)
Medium severity (CVSS 3.0 base score is 6.8)

Possible remediation measures

Follow the recommendations:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nexus-aci-dos

Vulnerability status

Confirmed by the vendor

Exploit availability

Data is being clarified

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS

Percentile: 76%
0.00947
Low

CVSS3: 6.8 Medium

CVSS2: 5.4 Medium

Related vulnerabilities

CVSS3: 6.8
nvd
more than 6 years ago

A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. The vulnerability is due to improper endpoint learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on a border leaf when Disable Remote Endpoint Learning has been enabled. This can result in a Remote (XR) entry being created for the impacted endpoint that will become stale if the endpoint migrates to a different port or leaf switch. This results in traffic not reaching the impacted endpoint until the Remote entry can be relearned by another mechanism.

CVSS3: 7.5
github
more than 3 years ago

A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. The vulnerability is due to improper endpoint learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on a border leaf when Disable Remote Endpoint Learning has been enabled. This can result in a Remote (XR) entry being created for the impacted endpoint that will become stale if the endpoint migrates to a different port or leaf switch. This results in traffic not reaching the impacted endpoint until the Remote entry can be relearned by another mechanism.
