Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability

A vulnerability in the ICMP implementation in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch could allow an unauthenticated, remote attacker to cause the switch to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to improper handling of an ICMP packet with the IPv4 Type 7 option for record route. An attacker could exploit this vulnerability by sending an ICMP packet with the record route option to an interface on the affected switch. An exploit could allow the attacker to cause a DoS condition because the switch will reload each time the ICMP packet is received.

Cisco has released software updates that address this vulnerability. A workaround that addresses this vulnerability is available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci”]