CVE-2019-1617
7.4
Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 4.0
Source: NVD
Description
A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to an incorrect processing of FCoE packets when the fcoe-npv feature is uninstalled. An attacker could exploit this vulnerability by sending a stream of FCoE frames from an adjacent host to an affected device. An exploit could allow the attacker to cause packet amplification to occur, resulting in the saturation of interfaces and a DoS condition. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5) and 9.2(2).
Affected (2)
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| From 7.0\(3\)i5 to 7.0\(3\)i7\(5\) |
| Running on/with | Platform Versions |
|---|---|
Cisco N9k C92160yc X | All versions |
Cisco N9k C9236c | All versions |
Cisco N9k C9272q | All versions |
Cisco N9k C93180lc Ex | All versions |
Cisco N9k C93180yc Ex | All versions |
Cisco N9k C93180yc Fx | All versions |
Cisco N9k X9732c Ex | All versions |
Cisco N9k X9736c Fx | All versions |
References (4)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-npv-dos
Source: psirt@cisco.com
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-npv-dos
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory
Timeline
No history available yet.