Cisco MDS 9000 Series Denial of Service Vulnerability

A vulnerability in the high availability (HA) subsystem of Cisco NX-OS running on MDS 9000 series devices could allow an unauthenticated, remote attacker to cause a denial of device (DoS) condition.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to a device.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send crafted packets to the targeted device. This access requirement may reduce the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.