Lucene search

CiscoCISCO-SA-20150619-CVE-2015-4197

HistoryJun 19, 2015 - 9:15 p.m.

Cisco NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability

2015-06-1921:15:39

tools.cisco.com

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.003

Percentile

68.4%

JSON

A vulnerability in the Link Layer Discovery Protocol (LLDP) code of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to crash an affected device.

The vulnerability is due to an error in parsing a malformed LLDP packet. An attacker could exploit this vulnerability by sending a crafted, malformed LLDP packet to an interface enabled for LLDP packet processing.

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, an attacker must be on the same broadcast or collision domain as the targeted device. This access requirement reduces the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Affected configurations

Vulners

Node

cisconx_osMatch5.2

cisconx_osMatch5.2\(5\)

VendorProductVersionCPE
cisconx_os5.2cpe:2.3:o:cisco:nx_os:5.2:*:*:*:*:*:*:*
cisconx_os5.2(5)cpe:2.3:o:cisco:nx_os:5.2\(5\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	nx_os	5.2	cpe:2.3:o:cisco:nx_os:5.2:::::::*
cisco	nx_os	5.2(5)	cpe:2.3:o:cisco:nx_os:5.2\(5\):::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150619-CVE-2015-4197

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.003

Percentile

68.4%

JSON

Related for CISCO-SA-20150619-CVE-2015-4197