A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.

The vulnerability exists because the affected software attempts to free the same area of memory twice.

An attacker could exploit this vulnerability by sending a pong request to an affected device from a location on the network that causes the pong reply packet to egress both a FabricPath port and a non-FabricPath port.

An exploit could allow the attacker to cause a dual or quad supervisor virtual port-channel (vPC) to reload.


Note:
This vulnerability is exploitable only when all of the following are true:

The Pong tool is enabled on an affected device.

The Pong tool is disabled in NX-OS by default.

The FabricPath feature is enabled on an affected device.

The FabricPath feature is disabled in NX-OS by default.
A FabricPath port is actively monitored via a Switched Port Analyzer (SPAN) session.
SPAN sessions are not configured or enabled in NX-OS by default.

Cisco has released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os

Security Impact Rating: High

CVE: CVE-2018-0102

Leave a Reply