Cisco NX-OS Software Pong Packet Denial of Service Vulnerability

A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.

The vulnerability exists because the affected software attempts to free the same area of memory twice. An attacker could exploit this vulnerability by sending a pong request to an affected device from a location on the network that causes the pong reply packet to egress both a FabricPath port and a non-FabricPath port. An exploit could allow the attacker to cause a dual or quad supervisor virtual port-channel (vPC) to reload.

Note: This vulnerability is exploitable only when all of the following are true:

  The Pong tool is enabled on an affected device. The Pong tool is disabled in NX-OS by default.
  The FabricPath feature is enabled on an affected device. The FabricPath feature is disabled in NX-OS by default.

A FabricPath port is actively monitored via a Switched Port Analyzer (SPAN) session. SPAN sessions are not configured or enabled in NX-OS by default.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os”]