Denial of Service Vulnerability in Cisco NX-OS Devices
CVE-2015-0718

7.5HIGH

Key Information:

Vendor
Cisco
Status
Unified Computing System
X14j Firmware
Nx-os
Opensolaris
Vendor
CVE Published:
3 March 2016

Summary

Certain versions of Cisco NX-OS software, spanning from 4.0 to 6.1, present a vulnerability that allows attackers to induce a denial of service. This can be achieved by sending specially crafted TCP packets to a device that is maintaining a TCP session in the TIME_WAIT state, thereby causing the TCP stack to reload unexpectedly. This affects multiple Nexus series devices and UCS platforms, posing significant risks to network availability.

References

http://www.securitytracker.com/id/1035159
vdb-entryx_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id/1035160
vdb-entryx_refsource_SECTRACK

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.