CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
65.8%
A vulnerability in the Message of the Day (MOTD) or banner functionality of the NX-OS Software could allow an unauthenticated, remote attacker to cause the login process to reset.
The vulnerability is due to the MOTD display handling when a certain type of terminal session is requested via Telnet. An attacker could exploit this vulnerability by repeatedly issuing a Telnet session to the NX-OS device, causing the login process to reset. An exploit could allow the attacker to cause the login process of the NX-OS device to reset repeatedly.
Cisco has confirmed the vulnerability; however, software updates are not available.
To exploit this vulnerability, an attacker would need to start a Telnet session with the targeted device. This requirement may decrease the likelihood of a successful exploit depending on how the targeted device is configured.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | nx_os | 4.1(2)e1 | cpe:2.3:o:cisco:nx_os:4.1\(2\)e1:*:*:*:*:*:*:* |
cisco | nx_os | 6.0(2)n2 | cpe:2.3:o:cisco:nx_os:6.0\(2\)n2:*:*:*:*:*:*:* |
cisco | nx_os | 6.2 | cpe:2.3:o:cisco:nx_os:6.2:*:*:*:*:*:*:* |
cisco | nx_os | 7.0 | cpe:2.3:o:cisco:nx_os:7.0:*:*:*:*:*:*:* |
cisco | nexus_1000v | any | cpe:2.3:h:cisco:nexus_1000v:any:*:*:*:*:nexus_1000v:*:* |
cisco | nx_os | 4.1(2)e1(1f) | cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1f\):*:*:*:*:*:*:* |
cisco | nx_os | 6.0(2)n2(2) | cpe:2.3:o:cisco:nx_os:6.0\(2\)n2\(2\):*:*:*:*:*:*:* |
cisco | nx_os | 6.2(12) | cpe:2.3:o:cisco:nx_os:6.2\(12\):*:*:*:*:*:*:* |
cisco | nx_os | 7.0(3) | cpe:2.3:o:cisco:nx_os:7.0\(3\):*:*:*:*:*:*:* |
cisco | nexus_1000v | 1000v_switch | cpe:2.3:h:cisco:nexus_1000v:1000v_switch:*:*:*:*:nexus_1000v:*:* |