
Multiple Vulnerabilities in Cisco

Severity Rating: HIGH

Component Affected

Cisco WLC devices
Cisco Nexus 5500, 5600, and 6000 Series Switches
Firepower 4100 Series Next-Generation Firewall
Firepower 9300 Security Appliance
MDS 9000 Series Multilayer Switches
Nexus 2000 Series Switches
Nexus 3000 Series Switches
Nexus 3500 Platform Switches
Nexus 5500 Platform Switches
Nexus 5600 Platform Switches
Nexus 6000 Platform Switches
Nexus 7000 Series Switches
Nexus 7700 Series Switches
Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
Unified Computing System (UCS) 6100 Series Fabric Interconnects
UCS 6200 Series Fabric Interconnects
UCS 6300 Series Fabric Interconnects

Overview

Vulnerabilities have been reported in Cisco Wireless LAN Controller software, Nexus series switches and NX-OS software which could allow a remote attacker to cause a denial of service (DoS) condition on the target system.

Description

1. Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Denial of Service Vulnerability (CVE-2018-0443)
A vulnerability exists in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software due to improper input validation on fields within CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending malicious CAPWAP Discovery Request packets to the Cisco WLC Software. Successful exploitation of this vulnerability could allow the attacker to cause the Cisco WLC Software to disconnect associated access points (APs). While the APs disconnect and reconnect, service will be unavailable for a brief period of time, resulting in a DoS condition.

2. Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service Vulnerability (CVE-2018-0378)
A vulnerability exists in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software due to a lack of protection against PTP frame flood attacks. A remote attacker could exploit this vulnerability by sending large streams of malicious IPv4 or IPv6 PTP traffic to the affected device. Successful exploitation of this vulnerability could allow the attacker to cause a DoS condition, impacting the traffic passing through the device.

3. Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability (CVE-2018-0395)
A vulnerability exists in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. Successful exploitation of this vulnerability could allow the attacker to cause the switch to reload unexpectedly.
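As an added illustration of the kind of input validation the third item concerns, the following C routine walks the TLV list of an LLDPDU and checks each TLV's 9-bit length field against the bytes actually left in the frame before trusting it. This is example code written for this advisory, not Cisco's code and not a reconstruction of the actual defect; the sample frames are constructed, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Verdicts from walking an LLDPDU's TLV list. */
enum lldp_verdict { LLDP_OK = 0, LLDP_TRUNCATED, LLDP_OVERRUN, LLDP_BAD_END };

/* Walk the TLVs of an LLDPDU (the payload behind EtherType 0x88CC). Each TLV
 * starts with a 2-byte header: 7-bit type, 9-bit length. Every length is
 * checked against the bytes remaining in the frame before it is used, so a
 * crafted length cannot drive the parser past the end of the buffer. */
enum lldp_verdict lldp_validate(const uint8_t *pdu, size_t len, size_t *count)
{
    size_t off = 0, n = 0;
    for (;;) {
        if (len - off < 2)                       /* no room for a TLV header */
            return LLDP_TRUNCATED;
        uint16_t hdr  = (uint16_t)((pdu[off] << 8) | pdu[off + 1]);
        uint8_t  type = (uint8_t)(hdr >> 9);      /* 7-bit TLV type */
        uint16_t tlen = hdr & 0x1FF;              /* 9-bit TLV length */
        off += 2;
        if (tlen > len - off)                    /* length exceeds what remains */
            return LLDP_OVERRUN;
        n++;
        if (type == 0) {                         /* End of LLDPDU TLV */
            if (tlen != 0) return LLDP_BAD_END;  /* must carry no value bytes */
            if (count) *count = n;
            return LLDP_OK;
        }
        off += tlen;                             /* skip the value, bounded above */
    }
}

/* Number of TLVs in a well-formed LLDPDU, or 0 if the frame is rejected. */
size_t lldp_tlv_count(const uint8_t *pdu, size_t len)
{
    size_t n = 0;
    return lldp_validate(pdu, len, &n) == LLDP_OK ? n : 0;
}

/* Constructed sample frames (hypothetical, not captured traffic). */
static const uint8_t good_lldpdu[] = {
    0x02, 0x07, 0x04, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, /* Chassis ID: MAC */
    0x04, 0x03, 0x05, 'e', '1',                           /* Port ID: ifname "e1" */
    0x06, 0x02, 0x00, 0x78,                               /* TTL: 120 s */
    0x00, 0x00                                            /* End of LLDPDU */
};
/* Chassis ID header claims 511 value bytes but only 3 follow. */
static const uint8_t bad_lldpdu[] = { 0x03, 0xFF, 0x04, 0x00, 0x11 };

int main(void)
{
    printf("good: verdict %d, %zu TLVs\n",
           lldp_validate(good_lldpdu, sizeof good_lldpdu, NULL),
           lldp_tlv_count(good_lldpdu, sizeof good_lldpdu));
    printf("bad:  verdict %d\n", lldp_validate(bad_lldpdu, sizeof bad_lldpdu, NULL));
    return 0;
}
```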

CVE Name

CVE-2018-0443
CVE-2018-0378
CVE-2018-0395
