7.8 - cisco-sa-20180620-nxosbgp

A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading.

The vulnerability is due to incomplete input validation of the BGP update messages. An attacker could exploit this vulnerability by sending a crafted BGP update message to the targeted device. An exploit could allow the attacker to cause the switch to reload unexpectedly.

The Cisco implementation of the BGP protocol only accepts incoming BGP traffic from explicitly defined peers. To exploit this vulnerability, an attacker must be able to send the malicious packets over a TCP connection that appears to come from a trusted BGP peer or inject malformed messages into the victim's BGP network. This would require obtaining information about the BGP peers in the affected system's trusted network.

The vulnerability may be triggered when the router receives a malformed BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp"]

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770"].

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJbKnp+XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfcziIIP/RUGonA5ai81WedY+TBrIrx9tugn rwsSgglWTUw36EMCaCnhQKKAp1CmDT7ykrLFriyleWGtaq5OxloNFmZBqe0EZaYp JYP4rWnrpFxOA2LA238kmIpfZYC18twS0OS4C/g4rvEdRjeCNXyfU19YgK2FmYZQ LtdbRXWBiOdlYAnutOeq7WZDyQmzYiHoZcXI8w5VN6XnEbHJ4x81KlDVXTHrhN3e pmCPTdnjdq/GzpYEqxx10dwsFXFXvQTD7Cn7dRkPGLO6rIbZNqabIEeTT/uxyfs6 KIF6LQ5hRuv5R0HwxYN+X/FMkSaVoTI5Vens//Mzb7prSK1XTbcppAWWlSZb5+C0 ad+DQyBqhTcb7XRfiaxpreYGlDFzIa8Ac09c+inzN6L6SMUo5in4XJPWN00dUsZO xpM6B5P3dIL1VWjyR5EYUE3Mwet56iu7BRM3KIfwIo5h3iVrqbmBN6hINlsRONED mmYIMnw12GINACiWpU3aQ3N5HA7T9Z31QU5SsZWjFH/v1/joUbNJj8GORx7nEKEb RY8uJQdUVrM4mNuRLO0uP3g5Kpk0mz4k7PjjyhirwWdhUf/bKxyLQ3xw2Yw9KPcb F532SaT4E2NlRmuHioAvWDW6jlVsbAgf1iDr6cLF408fwQoLVCHSubGUOeTsMPQM ipdGGxQvI5GyckeW =L/zM END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com