Cisco Nexus 3000 and 9000 Series Switches Health Monitoring Diagnostics Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode. This vulnerability allows an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, leading to a denial-of-service condition. The issue arises from the improper handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to the affected device, causing it to reload.

Impact

Exploitation of this vulnerability causes the device to reload unexpectedly, disrupting network services and causing a denial-of-service condition.

Remediation

Cisco has released free software updates that address this vulnerability. Customers with service contracts should obtain these security fixes through their usual update channels. For customers without service contracts, contact the Cisco Technical Assistance Center (TAC) for upgrades. Additionally, there is a workaround available that can be applied, but it is not recommended for Cisco NX-OS Software releases that do not include a fix for Field Notice FN72433, as it may result in prolonged control plane instability.