Cisco FXOS and NX-OS Lightweight Directory Access Protocol Denial of Service Vulnerabilities

Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerabilities are due to the improper parsing of LDAP packets by an affected device. An attacker could exploit these vulnerabilities by sending an LDAP packet crafted using Basic Encoding Rules (BER) to an affected device. The LDAP packet must have a source IP address of an LDAP server configured on the targeted device. A successful exploit could cause the affected device to reload, resulting in a DoS condition.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxosldap

This advisory is part of the March 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication, which includes 25 Cisco Security Advisories that describe 26 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

Security Impact Rating: High

CVE: CVE-2019-1597,CVE-2019-1598

Related:

  • No Related Posts

Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability

A vulnerability in the management interface of Cisco Application
Policy Infrastructure Controller (APIC) software could allow an
unauthenticated, adjacent attacker to gain unauthorized access on an
affected device.

The vulnerability is due to a lack of proper
access control mechanisms for IPv6 link-local connectivity imposed on
the management interface of an affected device. An attacker on the same physical network could
exploit this vulnerability by attempting to connect to the IPv6
link-local address on the affected device. A successful exploit could allow the attacker to
bypass default access control restrictions on an affected device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-apic-ipv6

Security Impact Rating: Medium

CVE: CVE-2019-1690

Related:

  • No Related Posts