Denial of Service Vulnerability in Cisco NX-OS Software's BGP Implementation
CVE-2018-0295

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Nx-os Unknown
Vendor: CVE Published:; 20 June 2018

Summary

A flaw in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software can result in denial of service (DoS) by causing devices to reload unexpectedly. This occurs due to incomplete input validation of BGP update messages, which can be exploited by sending maliciously crafted packets. Attackers must have access to trusted BGP peer information to execute the attack, targeting a router that has an active BGP session with peers. Affected models include various Nexus switch series, placing network operations at risk.

Affected Version(s)

Cisco NX-OS unknown Cisco NX-OS unknown

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1041169

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 20, 2018
Vulnerability Reserved
Nov 27, 2017