Cisco NX-OS Software Anycast Gateway Invalid ARP Vulnerability

2020-02-2616:00:00

tools.cisco.com

0.001 Low

EPSS

Percentile

25.2%

JSON

A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. The ARP entries are for nonlocal IP addresses for the subnet.

The vulnerability is due to improper validation of a received gratuitous ARP (GARP) request. An attacker could exploit this vulnerability by sending a malicious GARP packet on the local subnet to cause the ARP table on the device to become corrupted. A successful exploit could allow the attacker to populate the ARP table with incorrect entries, which could lead to traffic disruptions.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-arp [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-arp”]

Affected configurations

Vulners

Node

cisconx-osMatch7.3\(2\)d1nexus_9000_series

cisconx-osMatch8.0nexus_9000_series

cisconx-osMatch8.1nexus_9000_series

cisconx-osMatch8.2nexus_9000_series

cisconx-osMatch8.3nexus_9000_series

cisconx-osMatch9.2nexus_9000_series

cisconx-osMatch8.4nexus_9000_series

cisconx-osMatch9.3nexus_9000_series

cisconx-os_for_nexus_7700_series_switchesMatchany

cisconx-osMatchanynexus_9000_series

cisconx-osMatch7.3\(2\)d1\(1d\)nexus_9000_series

cisconx-osMatch8.0\(1\)nexus_9000_series

cisconx-osMatch8.1\(1\)nexus_9000_series

cisconx-osMatch8.1\(2\)nexus_9000_series

cisconx-osMatch8.1\(2a\)nexus_9000_series

cisconx-osMatch8.2\(1\)nexus_9000_series

cisconx-osMatch8.2\(2\)nexus_9000_series

cisconx-osMatch8.2\(3\)nexus_9000_series

cisconx-osMatch8.2\(4\)nexus_9000_series

cisconx-osMatch8.3\(1\)nexus_9000_series

cisconx-osMatch8.3\(2\)nexus_9000_series

cisconx-osMatch9.2\(1\)nexus_9000_series

cisconx-osMatch9.2\(2\)nexus_9000_series

cisconx-osMatch9.2\(2t\)nexus_9000_series

cisconx-osMatch9.2\(3\)nexus_9000_series

cisconx-osMatch9.2\(3y\)nexus_9000_series

cisconx-osMatch9.2\(4\)nexus_9000_series

cisconx-osMatch9.2\(2v\)nexus_9000_series

cisconx-osMatch8.4\(1\)nexus_9000_series

cisconx-osMatch9.3\(1\)nexus_9000_series

cisconx-osMatch9.3\(1z\)nexus_9000_series

cisconx-os_for_nexus_5600_platform_switchesMatch7000_series_switches

cisconx-os_for_nexus_5600_platform_switchesMatch3000_series_switches

cisconx-os_for_nexus_5600_platform_switchesMatch9000_series_switches

cisconx-osMatch7000_series_switchesnexus_9000_series