A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful exploit could allow the attacker to cause the switch to reload unexpectedly.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/105674 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1041919 | Third Party Advisory VDB Entry |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
20 Apr 2023, 17:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:cisco:fxos:6.1\(3\)s2:*:*:*:*:*:*:* cpe:2.3:o:cisco:fxos:3.2\(3d\)c:*:*:*:*:*:*:* cpe:2.3:o:cisco:fxos:12.3\(1e\):*:*:*:*:*:*:* cpe:2.3:o:cisco:fxos:r231:*:*:*:*:*:*:* |
cpe:2.3:o:cisco:firepower_extensible_operating_system:r231:*:*:*:*:*:*:* |
Information
Published : 2018-10-17 19:29
Updated : 2024-02-04 20:03
NVD link : CVE-2018-0395
Mitre link : CVE-2018-0395
CVE.ORG link : CVE-2018-0395
JSON object : View
Products Affected
cisco
- nexus_7000_18-slot
- nexus_7000_10-slot
- nexus_7700_2-slot
- nexus_7000_9-slot
- firepower_extensible_operating_system
- ucs
- firepower_9300
- nx-os
- nexus_7000_4-slot
- nexus_7700_18-slot
- nexus_7700_10-slot
- nexus_7700_6-slot
CWE
CWE-20
Improper Input Validation