10 - cisco-sa-20180620-nx-os-fabric-dos

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product.

The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overread condition, which could allow the attacker to obtain sensitive information from memory or cause a DoS condition on the affected product.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-dos ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-dos"]

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770"].

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJbKnqvXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczc/oQAL1IFeiENl514mY5D3lrIU2kVTN9 R4E1cq9RTfGlxrtWv9efkG6WelEek9Z57DhBTG5CFXxBDL+YC1cOguojHn+3ohGb aojBV3pTRatBXtv4Z8CnYVwib/Ay0J8YRqUGFfH2IcCpCNe2hChGhczAm2l9l7L1 d+AUBP9RNoYWc1XyWedioiDA6VQKPl/LortAONui5QLufiZWEpw9U8xzoH7Nd4uF uPz+5ji0NdelRxx+OYL4D/2gML+4p8HTA0Bd/+U2XnKMCPO23pGtOyf/xBxPoxb7 Jg5JaMeFNkl9R5QwamqEad+nTtFF76Z8GB5R81ud/r3UWIyo7Pyvh/H2ba/mciCN ZlYIQX2mN8kKH/a1HCkTEXwys6ohJ2CsAY0E2ivzTaFgjICM7iI+6e3lS8MJC0lg WWvT5Fpn8kmoZwgXCgi/y84/wX96JmJT0RRi8/9TzdfYZuiQxSyBb8M9cHGs+EZC xBeEXs19WgapptPi2XXJphkprSUNUtxOHaMnOYMYzxz9lmaB+AFWBSlPZwDAby6e ve/4g0xO5pnPhzD2qjG236mjEGhP13uLJnE7BpUksPLKlcq4I2K2inDdxxI8z06U Sgib5SZ+ZDEpI7PQ4vGJLe2XdQcrCWmk6dJYFaOQ9JXEYXdbCSIr6wLEzqmDuI8T V7cS/jLtAnU1iOqV =dt4c END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com