Lucene search

CiscoCISCO-SA-N9KACI-TCP-DOS-YXUKT6GM

HistoryAug 25, 2021 - 4:00 p.m.

Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability

2021-08-2516:00:00

tools.cisco.com

0.002 Low

EPSS

Percentile

52.7%

JSON

February 23, 2022 Update: After further investigation, Cisco determined that an additional fix was necessary to completely address this vulnerability. The initial fix allowed an attacker to cause high CPU utilization on an affected device, which could impact user traffic. See the Fixed Software [“#fs”] section of this advisory for updated information about the fixed releases.

A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service (DoS) condition.

This vulnerability exists because TCP traffic sent to a specific port on an affected device is not properly sanitized. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port that is listening on a public-facing IP address for the Multi-Pod or Multi-Site configuration. A successful exploit could allow the attacker to cause the device to restart unexpectedly, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-tcp-dos-YXukt6gM [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-tcp-dos-YXukt6gM”]

This advisory is part of the August 2021 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2021 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74640”].

Affected configurations

Vulners

Node

cisconx_osMatch12.0

cisconx_osMatch12.1

cisconx_osMatch12.2

cisconx_osMatch12.3

cisconx_osMatch13.0

cisconx_osMatch13.1

cisconx_osMatch13.2

cisconx_osMatch14.0

cisconx_osMatch14.1

cisconx_osMatch14.2

cisconx_osMatch15.0

cisconx_osMatch15.1

cisconx_osMatch15.2

cisconexus_9000Matchany

cisconx_osMatchany

cisconx_osMatch12.0\(1m\)

cisconx_osMatch12.0\(2g\)

cisconx_osMatch12.0\(1n\)

cisconx_osMatch12.0\(1o\)

cisconx_osMatch12.0\(1p\)

cisconx_osMatch12.0\(1q\)

cisconx_osMatch12.0\(2h\)

cisconx_osMatch12.0\(2l\)

cisconx_osMatch12.0\(2m\)

cisconx_osMatch12.0\(2n\)

cisconx_osMatch12.0\(2o\)

cisconx_osMatch12.0\(2f\)

cisconx_osMatch12.0\(1r\)

cisconx_osMatch12.1\(1h\)

cisconx_osMatch12.1\(2e\)

cisconx_osMatch12.1\(3g\)

cisconx_osMatch12.1\(4a\)

cisconx_osMatch12.1\(1i\)

cisconx_osMatch12.1\(2g\)

cisconx_osMatch12.1\(2k\)

cisconx_osMatch12.1\(3h\)

cisconx_osMatch12.1\(3j\)

cisconx_osMatch12.2\(1n\)

cisconx_osMatch12.2\(2e\)

cisconx_osMatch12.2\(3j\)

cisconx_osMatch12.2\(4f\)

cisconx_osMatch12.2\(4p\)

cisconx_osMatch12.2\(3p\)

cisconx_osMatch12.2\(3r\)

cisconx_osMatch12.2\(3s\)

cisconx_osMatch12.2\(3t\)

cisconx_osMatch12.2\(2f\)

cisconx_osMatch12.2\(2i\)

cisconx_osMatch12.2\(2j\)

cisconx_osMatch12.2\(2k\)

cisconx_osMatch12.2\(2q\)

cisconx_osMatch12.2\(1o\)

cisconx_osMatch12.2\(4q\)

cisconx_osMatch12.2\(4r\)

cisconx_osMatch12.2\(1k\)

cisconx_osMatch12.3\(1e\)

cisconx_osMatch12.3\(1f\)

cisconx_osMatch12.3\(1i\)

cisconx_osMatch12.3\(1l\)

cisconx_osMatch12.3\(1o\)

cisconx_osMatch12.3\(1p\)

cisconx_osMatch13.0\(1k\)

cisconx_osMatch13.0\(2h\)

cisconx_osMatch13.0\(2k\)

cisconx_osMatch13.0\(2n\)

cisconx_osMatch13.1\(1i\)

cisconx_osMatch13.1\(2m\)

cisconx_osMatch13.1\(2o\)

cisconx_osMatch13.1\(2p\)

cisconx_osMatch13.1\(2q\)

cisconx_osMatch13.1\(2s\)

cisconx_osMatch13.1\(2t\)

cisconx_osMatch13.1\(2u\)

cisconx_osMatch13.1\(2v\)

cisconx_osMatch13.2\(1l\)

cisconx_osMatch13.2\(1m\)

cisconx_osMatch13.2\(2l\)

cisconx_osMatch13.2\(2o\)

cisconx_osMatch13.2\(3i\)

cisconx_osMatch13.2\(3n\)

cisconx_osMatch13.2\(3o\)

cisconx_osMatch13.2\(3r\)

cisconx_osMatch13.2\(4d\)

cisconx_osMatch13.2\(4e\)

cisconx_osMatch13.2\(3j\)

cisconx_osMatch13.2\(3s\)

cisconx_osMatch13.2\(5d\)

cisconx_osMatch13.2\(5e\)

cisconx_osMatch13.2\(5f\)

cisconx_osMatch13.2\(6i\)

cisconx_osMatch13.2\(41d\)

cisconx_osMatch13.2\(7f\)

cisconx_osMatch13.2\(7k\)

cisconx_osMatch13.2\(9b\)

cisconx_osMatch13.2\(8d\)

cisconx_osMatch13.2\(9f\)

cisconx_osMatch13.2\(9h\)

cisconx_osMatch13.2\(10e\)

cisconx_osMatch13.2\(10f\)

cisconx_osMatch13.2\(10g\)

cisconx_osMatch14.0\(1h\)

cisconx_osMatch14.0\(2c\)

cisconx_osMatch14.0\(3d\)

cisconx_osMatch14.0\(3c\)

cisconx_osMatch14.1\(1i\)

cisconx_osMatch14.1\(1j\)

cisconx_osMatch14.1\(1k\)

cisconx_osMatch14.1\(1l\)

cisconx_osMatch14.1\(2g\)

cisconx_osMatch14.1\(2m\)

cisconx_osMatch14.1\(2o\)

cisconx_osMatch14.1\(2s\)

cisconx_osMatch14.1\(2u\)

cisconx_osMatch14.1\(2w\)

cisconx_osMatch14.1\(2x\)

cisconx_osMatch14.2\(1i\)

cisconx_osMatch14.2\(1j\)

cisconx_osMatch14.2\(1l\)

cisconx_osMatch14.2\(2e\)

cisconx_osMatch14.2\(2f\)

cisconx_osMatch14.2\(2g\)

cisconx_osMatch14.2\(3j\)

cisconx_osMatch14.2\(3l\)

cisconx_osMatch14.2\(3n\)

cisconx_osMatch14.2\(3q\)

cisconx_osMatch14.2\(4i\)

cisconx_osMatch14.2\(4k\)

cisconx_osMatch14.2\(4o\)

cisconx_osMatch14.2\(4p\)

cisconx_osMatch14.2\(5k\)

cisconx_osMatch14.2\(5l\)

cisconx_osMatch14.2\(5n\)

cisconx_osMatch14.2\(6d\)

cisconx_osMatch14.2\(6g\)

cisconx_osMatch14.2\(6h\)

cisconx_osMatch14.2\(6l\)

cisconx_osMatch14.2\(7f\)

cisconx_osMatch14.2\(7l\)

cisconx_osMatch14.2\(6o\)

cisconx_osMatch14.2\(7q\)

cisconx_osMatch14.2\(7r\)

cisconx_osMatch15.0\(1k\)

cisconx_osMatch15.0\(1l\)

cisconx_osMatch15.0\(2e\)

cisconx_osMatch15.0\(2h\)

cisconx_osMatch15.1\(1h\)

cisconx_osMatch15.1\(2e\)

cisconx_osMatch15.1\(3e\)

cisconx_osMatch15.1\(4c\)

cisconx_osMatch15.2\(1g\)

cisconx_osMatch15.2\(2e\)

cisconx_osMatch15.2\(2f\)

cisconx_osMatch15.2\(2g\)

cisconx_osMatch15.2\(2h\)

cisconx_osMatch15.2\(3e\)

cisconx_osMatch15.2\(3f\)

cisconx_osMatch15.2\(3g\)

cisconx-os_for_nexus_5600_platform_switchesMatch9000_series_switches

cisconx_osMatchany

cisconx-osMatch9000_series_switchesnexus_9000_series

CPENameOperatorVersion
cisco nx-os system software in aci modeeq12.0
cisco nx-os system software in aci modeeq12.1
cisco nx-os system software in aci modeeq12.2
cisco nx-os system software in aci modeeq12.3
cisco nx-os system software in aci modeeq13.0
cisco nx-os system software in aci modeeq13.1
cisco nx-os system software in aci modeeq13.2
cisco nx-os system software in aci modeeq14.0
cisco nx-os system software in aci modeeq14.1
cisco nx-os system software in aci modeeq14.2

Name	Operator	Version
cisco nx-os system software in aci mode	eq	12.0
cisco nx-os system software in aci mode	eq	12.1
cisco nx-os system software in aci mode	eq	12.2
cisco nx-os system software in aci mode	eq	12.3
cisco nx-os system software in aci mode	eq	13.0
cisco nx-os system software in aci mode	eq	13.1
cisco nx-os system software in aci mode	eq	13.2
cisco nx-os system software in aci mode	eq	14.0
cisco nx-os system software in aci mode	eq	14.1
cisco nx-os system software in aci mode	eq	14.2