Cisco Nexus 3000 and 9000 Series Switches PIM6 Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode. It allows an authenticated, low-privileged, remote attacker to crash the PIM6 process, causing it to restart and potentially disrupt network adjacency. The issue arises from improper handling of PIM6 ephemeral data queries. Exploitation can be carried out by sending a crafted ephemeral query to the affected device using NX-API REST, NETCONF, RESTCONF, gRPC, or Model Driven Telemetry.

Impact

Exploitation of this vulnerability leads to a crash of the PIM6 process, causing it to restart and potentially disrupt network adjacency. This creates a denial-of-service condition for the PIM6 and ephemeral query processes.

Remediation

Cisco has released software updates to address this vulnerability. For guidance on determining the best release for Cisco Nexus Switches, consult the Cisco NX-OS Recommended Releases documents. To check for vulnerabilities in a specific Cisco NX-OS release, use the Cisco Software Checker tool.
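To decide which switches to upgrade first, the sketch below (an added example, not Cisco's code or tooling) reads a saved running-config and reports whether PIM6 is enabled together with any of the query interfaces named above. The `feature` keyword mapping and the "PIM6 plus at least one interface" prioritization rule are assumptions of this example, not an affected-configuration statement from the advisory; the sample configs are constructed.

```python
import re

# NX-OS "feature" keywords assumed to correspond to PIM6 and to the
# query interfaces named in the advisory text.
PIM6_FEATURE = "pim6"
QUERY_INTERFACES = {
    "nxapi": "NX-API REST",
    "netconf": "NETCONF",
    "restconf": "RESTCONF",
    "grpc": "gRPC",
    "telemetry": "Model Driven Telemetry",
}
FEATURE_RE = re.compile(r"^(no\s+)?feature\s+(\S+)\s*$")

def enabled_features(running_config):
    """Return enabled feature names; a later 'no feature X' overrides."""
    enabled = set()
    for line in running_config.splitlines():
        if line[:1].isspace():          # indented = sub-mode, not global
            continue
        m = FEATURE_RE.match(line.rstrip())
        if not m:
            continue
        negated, name = m.groups()
        if negated:
            enabled.discard(name.lower())
        else:
            enabled.add(name.lower())
    return enabled

def triage(running_config):
    """Summarize exposure: PIM6 state and which query interfaces are on."""
    feats = enabled_features(running_config)
    paths = sorted(lbl for kw, lbl in QUERY_INTERFACES.items() if kw in feats)
    pim6 = PIM6_FEATURE in feats
    # Assumed rule: patch first where PIM6 and a query path are both on.
    return {"pim6_enabled": pim6, "query_interfaces": paths,
            "prioritize": pim6 and bool(paths)}

# Constructed sample configs (hostnames and contents are made up).
SAMPLE_EXPOSED = "hostname leaf-01\nfeature nxapi\nfeature pim6\nfeature grpc\n"
SAMPLE_PIM6_ONLY = "hostname leaf-02\nfeature pim6\nfeature interface-vlan\n"
SAMPLE_DISABLED = "hostname leaf-03\nfeature nxapi\nfeature pim6\nno feature pim6\n"

if __name__ == "__main__":
    for cfg in (SAMPLE_EXPOSED, SAMPLE_PIM6_ONLY, SAMPLE_DISABLED):
        print(cfg.splitlines()[0], triage(cfg))
```

A `prioritize` value of `False` only orders the work; whether a given release is affected is still determined with the Cisco Software Checker.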

Added: Aug 27, 2025, 5:40 PM
Updated: Aug 27, 2025, 5:40 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.