Lucene search

CiscoCISCO-SA-20190703-N9KACI-BYPASS

HistoryJul 03, 2019 - 4:00 p.m.

Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability

2019-07-0316:00:00

tools.cisco.com

102

0.001 Low

EPSS

Percentile

29.8%

JSON

A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN.

The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass”]

Affected configurations

Vulners

Node

cisconx-osMatch12.0nexus_9000_series

cisconx-osMatch12.1nexus_9000_series

cisconx-osMatch12.2nexus_9000_series

cisconx-osMatch12.3nexus_9000_series

cisconx-osMatch13.0nexus_9000_series

cisconx-osMatch13.1nexus_9000_series

cisconx-osMatch13.2nexus_9000_series

cisconx-osMatch14.0nexus_9000_series

cisconx-osMatch14.1nexus_9000_series

cisconx-osMatchanynexus_9000_series

cisconx-osMatch12.0\(1m\)nexus_9000_series

cisconx-osMatch12.0\(2g\)nexus_9000_series

cisconx-osMatch12.0\(1n\)nexus_9000_series

cisconx-osMatch12.0\(1o\)nexus_9000_series

cisconx-osMatch12.0\(1p\)nexus_9000_series

cisconx-osMatch12.0\(1q\)nexus_9000_series

cisconx-osMatch12.0\(2h\)nexus_9000_series

cisconx-osMatch12.0\(2l\)nexus_9000_series

cisconx-osMatch12.0\(2m\)nexus_9000_series

cisconx-osMatch12.0\(2n\)nexus_9000_series

cisconx-osMatch12.0\(2o\)nexus_9000_series

cisconx-osMatch12.0\(2f\)nexus_9000_series

cisconx-osMatch12.0\(1r\)nexus_9000_series

cisconx-osMatch12.1\(1h\)nexus_9000_series

cisconx-osMatch12.1\(2e\)nexus_9000_series

cisconx-osMatch12.1\(3g\)nexus_9000_series

cisconx-osMatch12.1\(4a\)nexus_9000_series

cisconx-osMatch12.1\(1i\)nexus_9000_series

cisconx-osMatch12.1\(2g\)nexus_9000_series

cisconx-osMatch12.1\(2k\)nexus_9000_series

cisconx-osMatch12.1\(3h\)nexus_9000_series

cisconx-osMatch12.1\(3j\)nexus_9000_series

cisconx-osMatch12.2\(1n\)nexus_9000_series

cisconx-osMatch12.2\(2e\)nexus_9000_series

cisconx-osMatch12.2\(3j\)nexus_9000_series

cisconx-osMatch12.2\(4f\)nexus_9000_series

cisconx-osMatch12.2\(4p\)nexus_9000_series

cisconx-osMatch12.2\(3p\)nexus_9000_series

cisconx-osMatch12.2\(3r\)nexus_9000_series

cisconx-osMatch12.2\(3s\)nexus_9000_series

cisconx-osMatch12.2\(3t\)nexus_9000_series

cisconx-osMatch12.2\(2f\)nexus_9000_series

cisconx-osMatch12.2\(2g\)nexus_9000_series

cisconx-osMatch12.2\(2i\)nexus_9000_series

cisconx-osMatch12.2\(2j\)nexus_9000_series

cisconx-osMatch12.2\(2k\)nexus_9000_series

cisconx-osMatch12.2\(2q\)nexus_9000_series

cisconx-osMatch12.2\(1o\)nexus_9000_series

cisconx-osMatch12.2\(4q\)nexus_9000_series

cisconx-osMatch12.2\(4r\)nexus_9000_series

cisconx-osMatch12.2\(1k\)nexus_9000_series

cisconx-osMatch12.3\(1e\)nexus_9000_series

cisconx-osMatch12.3\(1f\)nexus_9000_series

cisconx-osMatch12.3\(1i\)nexus_9000_series

cisconx-osMatch12.3\(1l\)nexus_9000_series

cisconx-osMatch12.3\(1o\)nexus_9000_series

cisconx-osMatch12.3\(1p\)nexus_9000_series

cisconx-osMatch13.0\(1k\)nexus_9000_series

cisconx-osMatch13.0\(2h\)nexus_9000_series

cisconx-osMatch13.0\(2k\)nexus_9000_series

cisconx-osMatch13.0\(2n\)nexus_9000_series

cisconx-osMatch13.0\(1i\)nexus_9000_series

cisconx-osMatch13.0\(2m\)nexus_9000_series

cisconx-osMatch13.1\(1i\)nexus_9000_series

cisconx-osMatch13.1\(2m\)nexus_9000_series

cisconx-osMatch13.1\(2o\)nexus_9000_series

cisconx-osMatch13.1\(2p\)nexus_9000_series

cisconx-osMatch13.1\(2q\)nexus_9000_series

cisconx-osMatch13.1\(2s\)nexus_9000_series

cisconx-osMatch13.1\(2t\)nexus_9000_series

cisconx-osMatch13.1\(2u\)nexus_9000_series

cisconx-osMatch13.1\(2v\)nexus_9000_series

cisconx-osMatch13.2\(1l\)nexus_9000_series

cisconx-osMatch13.2\(1m\)nexus_9000_series

cisconx-osMatch13.2\(2l\)nexus_9000_series

cisconx-osMatch13.2\(2o\)nexus_9000_series

cisconx-osMatch13.2\(3i\)nexus_9000_series

cisconx-osMatch13.2\(3n\)nexus_9000_series

cisconx-osMatch13.2\(3o\)nexus_9000_series

cisconx-osMatch13.2\(3r\)nexus_9000_series

cisconx-osMatch13.2\(4d\)nexus_9000_series

cisconx-osMatch13.2\(4e\)nexus_9000_series

cisconx-osMatch13.2\(3j\)nexus_9000_series

cisconx-osMatch13.2\(3s\)nexus_9000_series

cisconx-osMatch13.2\(5d\)nexus_9000_series

cisconx-osMatch13.2\(5e\)nexus_9000_series

cisconx-osMatch13.2\(5f\)nexus_9000_series

cisconx-osMatch13.2\(6i\)nexus_9000_series

cisconx-osMatch13.2\(41d\)nexus_9000_series

cisconx-osMatch13.2\(7f\)nexus_9000_series

cisconx-osMatch13.2\(7k\)nexus_9000_series

cisconx-osMatch14.0\(1h\)nexus_9000_series

cisconx-osMatch14.0\(2c\)nexus_9000_series

cisconx-osMatch14.0\(3d\)nexus_9000_series

cisconx-osMatch14.0\(3c\)nexus_9000_series

cisconx-osMatch14.1\(1i\)nexus_9000_series

cisconx-osMatch14.1\(1j\)nexus_9000_series

cisconx-osMatch14.1\(1k\)nexus_9000_series

cisconx-osMatch14.1\(1l\)nexus_9000_series

cisconx-os_for_nexus_5600_platform_switchesMatch9000_series_switches

cisconx-osMatch9000_series_switchesnexus_9000_series

CPENameOperatorVersion
cisco nx-os system software in aci modeeq12.0
cisco nx-os system software in aci modeeq12.1
cisco nx-os system software in aci modeeq12.2
cisco nx-os system software in aci modeeq12.3
cisco nx-os system software in aci modeeq13.0
cisco nx-os system software in aci modeeq13.1
cisco nx-os system software in aci modeeq13.2
cisco nx-os system software in aci modeeq14.0
cisco nx-os system software in aci modeeq14.1
cisco nexus 9000 series switcheseqany

Name	Operator	Version
cisco nx-os system software in aci mode	eq	12.0
cisco nx-os system software in aci mode	eq	12.1
cisco nx-os system software in aci mode	eq	12.2
cisco nx-os system software in aci mode	eq	12.3
cisco nx-os system software in aci mode	eq	13.0
cisco nx-os system software in aci mode	eq	13.1
cisco nx-os system software in aci mode	eq	13.2
cisco nx-os system software in aci mode	eq	14.0
cisco nx-os system software in aci mode	eq	14.1
cisco nexus 9000 series switches	eq	any