====================================================================

                             CERT-Renater

                 Note d'Information No. 2019/VULN240

_____________________________________________________________________

DATE                : 01/08/2019

HARDWARE PLATFORM(S): Cisco Nexus 9000 Series ACI Mode Switch.

OPERATING SYSTEM(S): Cisco NX-OS.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo
_____________________________________________________________________

Cisco Security Advisory: Cisco Nexus 9000 Series ACI Mode Switch
Software Link Layer Discovery Protocol Buffer Overflow Vulnerability

Advisory ID: cisco-sa-20190731-nxos-bo

Revision: 1.0

For Public Release: 2019 July 31 16:00 GMT

Last Updated: 2019 July 31 16:00 GMT

CVE ID(s): CVE-2019-1901

CVSS Score v(3): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary

=======

A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of
Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode
Switch Software could allow an adjacent, unauthenticated attacker to
cause a denial of service (DoS) condition or execute arbitrary code with
root privileges.

The vulnerability is due to improper input validation of certain type,
length, value (TLV) fields of the LLDP frame header. An attacker could
exploit this vulnerability by sending a crafted LLDP packet to the
targeted device. A successful exploit may lead to a buffer overflow
condition that could either cause a DoS condition or allow the attacker
to execute arbitrary code with root privileges.

Note: This vulnerability cannot be exploited by transit traffic through
the device; the crafted packet must be targeted to a directly connected
interface.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190731-nxos-bo"]

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================