Guest

Preview Tool

Cisco Bug: CSCuo09129 - Cisco MDS 9000 Series Denial of Service Vulnerability

Last Modified

Jul 25, 2017

Products (1)

  • Cisco MDS 9000 Series Multilayer Switches

Known Affected Releases

5.2(1) 6.2(1)

Description (partial)

Symptom:
A vulnerability within the high availability (HA) subsystem of Cisco NX-OS running on MDS 9000 series devices could allow an unauthenticated, remote attacker to cause a Denial of Service (DoS) condition.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to the affected device.

Conditions:
The following Cisco MDS 9000 Series devices running an affected version of Cisco NX-OS Software:

Cisco MDS platforms affected in NX-OS 5.2 train:
  Cisco MDS 9513 Multilayer Director
  Cisco MDS 9509 Multilayer Director
  Cisco MDS 9506 Multilayer Director
  Cisco DS 9222i Multiservice Modular Switch
  Cisco MDS 9148 Multilayer Fabric Switch
  Cisco MDS 9134 Multilayer Fabric Switch
  Cisco MDS 9124 Multilayer Fabric Switch
  Cisco MDS 8-Gb Fabric Switch for HP c-Class Blade System
  Cisco MDS 4-Gbps Fabric Switch for HP c-Class BladeSystem
  Cisco MDS 4-Gbps Fabric Switch for IBM BladeCenter

Cisco MDS platforms affected in NX-OS 6.2 train:
  Cisco MDS 9710 Multilayer Director
  Cisco MDS 9706 Multilayer Director
  Cisco MDS 9148s 16G Multilayer Fabric Switch
  Cisco MDS 9250i Multiservice Fabric Switch
  Cisco MDS 9513 Multilayer Director
  Cisco MDS 9509 Multilayer Director
  Cisco MDS 9506 Multilayer Director
  Cisco MDS 9222i Multiservice Modular Switch
  Cisco MDS 9148 Multilayer Fabric Switch
  Cisco MDS 8-Gb Fabric Switch for HP c-Class Blade System

No MDS linecards or external applications are affected by this vulnerability.

Related Community Discussions

Cisco NX-OS Bug <key>CSCuo09129</key>
Hi cummunity;   I have a some MDS-9513 with NX-OS 5.2(8b); I wold like to know if Cisco BUG <key>CSCuo09129</key> is affecting this version?   Regards
Latest activity: Jan 28, 2015
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.