CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
80.6%
A vulnerability in the Routing Information Protocol (RIP) service engine of Cisco NX-OS Software could allow an unauthenticated, remote attacker
to create a denial of service (DoS) condition by causing the RIP service engine to
restart.
The vulnerability is due to improper input filtering of
RIP packets. An attacker could exploit this vulnerability by sending a
malformed RIPv4 or RIPv6 message to UDP port 520. A successful exploit
could result in the target device restarting the RIP service engine, which could lead to a denial of service for any destinations populated in
the route table by RIP.
Cisco has confirmed the vulnerability in a security advisory and has released software updates.
To exploit this vulnerability, an attacker may require access to trusted, internal networks to send crafted requests to the affected software. This access requirement could limit the likelihood of a successful exploit.
Cisco indicates through the CVSS score that proof-of-concept exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | nx_os | 4.1 | cpe:2.3:o:cisco:nx_os:4.1:*:*:*:*:*:*:* |
cisco | nx_os | 5.0 | cpe:2.3:o:cisco:nx_os:5.0:*:*:*:*:*:*:* |
cisco | nx_os | 4.2 | cpe:2.3:o:cisco:nx_os:4.2:*:*:*:*:*:*:* |
cisco | nx_os | 5.1 | cpe:2.3:o:cisco:nx_os:5.1:*:*:*:*:*:*:* |
cisco | nx_os | 4.1(2) | cpe:2.3:o:cisco:nx_os:4.1\(2\):*:*:*:*:*:*:* |
cisco | nx_os | 4.1(3) | cpe:2.3:o:cisco:nx_os:4.1\(3\):*:*:*:*:*:*:* |
cisco | nx_os | 4.1(4) | cpe:2.3:o:cisco:nx_os:4.1\(4\):*:*:*:*:*:*:* |
cisco | nx_os | 4.1(5) | cpe:2.3:o:cisco:nx_os:4.1\(5\):*:*:*:*:*:*:* |
cisco | nx_os | 5.0(2a) | cpe:2.3:o:cisco:nx_os:5.0\(2a\):*:*:*:*:*:*:* |
cisco | nx_os | 5.0(3) | cpe:2.3:o:cisco:nx_os:5.0\(3\):*:*:*:*:*:*:* |