Cisco Bug: CSCuj67404 - Cisco NX-OS IPv6 ICMP Denial of Service Vulnerability

Last Modified

Jun 29, 2018

Products (1)

  • Cisco Nexus 5000 Series Switches

Known Affected Releases

7.0(0)ZD(0.61) 7.0(0)ZD(0.64)

Description (partial)

Symptom:
A vulnerability in the Internet Control Message Protocol Version 6 (ICMPv6) Neighbor Discovery
Protocol (NDP) of Cisco NX-OS and Unified Computing System (UCS) System Software
could allow an unauthenticated, remote attacker to cause a complete denial of service (DoS) condition.

The vulnerability is due to improper error handling when ICMPv6 NDP requests sent to a
configured IPv6 interface on the affected device have differing MTU values. An attacker could
exploit this vulnerability by sending malicious ICMPv6 NDP requests to the interface. An exploit could
allow the attacker to cause the "netstack" process to unexpectedly reload and cause a complete DoS
condition.

Conditions:
The device is configured for IPv6 on an interface.

This vulnerability is applicable to the following hardware platforms:

Cisco Nexus 1000 Series Switch
Cisco Nexus 3000 Series Switch
Cisco Nexus 3500 Series Switch
Cisco Nexus 5000 Series Switch
Cisco Nexus 6000 Series Switch
Cisco Nexus 7000 Series Switch
Cisco Unified Computing System (UCS) 5000 Series Switch
Cisco Unified Computing System (UCS) 6000 Series Switch