Cisco NX-OS Software Pong Packet Denial of Service Vulnerability

This vulnerability affects the following products when they are running Cisco NX-OS Software Release 7.2(1)D(1), 7.2(2)D1(1), or 7.2(2)D1(2) with both the Pong and FabricPath features enabled and the FabricPath port actively monitored via a SPAN session:

  • Cisco Nexus 7000 Series Switches
  • Cisco Nexus 7700 Series Switches

To determine whether a device is running a vulnerable release of Cisco NX-OS Software, administrators can use the show version command in the NX-OS command-line interface (CLI).

The following example shows the output of the show version command for a Cisco Nexus 7000 Series Switch running Cisco NX-OS Software Release 7.2(2)D1(2):


Nexus# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://ift.tt/xtpRjv
Documents: http://ift.tt/2ERH0MZ
Copyright (c) 2002-2016, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://ift.tt/1blpKjs and
http://ift.tt/1blpKjt

Software
BIOS: version 2.12.0
kickstart: version 7.2(2)D1(2)
system: version 7.2(2)D1(2)
.
.
.

To determine whether a device has the Pong tool enabled, administrators can use the show running-config | include "feature pong" command in the NX-OS CLI. The following example shows the output of this command for a Cisco Nexus 7000 Series Switch that has the Pong tool enabled (if this command returns empty output, the Pong tool is not enabled):


Nexus# show running-config | include "feature pong"
feature pong

To determine whether a device has the FabricPath feature enabled, administrators can use the show running-config | include "feature-set fabricpath" command in the NX-OS CLI. The following example shows the output of this command for a Cisco Nexus 7000 Series Switch that has the FabricPath feature enabled (if this command returns empty output, the FabricPath feature is not enabled):


Nexus# show running-config | include "feature-set fabricpath"
feature-set fabricpath

To determine whether a device has a SPAN session configured, administrators can use the show running-config monitor command in the NX-OS CLI. The following example shows the output of this command for a Cisco Nexus 7000 Series Switch that has a SPAN session monitoring interface Ethernet 1/10 configured and enabled (if this command returns empty output, no SPAN session is configured):


Nexus# show running-config monitor

!Command: show running-config monitor
!Time: Mon Oct 9 12:04:52 2017

version 7.2(2)D1(2)
monitor session 1
  source interface Ethernet1/10 both
  destination interface Ethernet1/12
  no shut
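The four checks above can be combined into a single assessment of captured CLI output. The following script is an added example, not part of the Cisco advisory; it parses the outputs of show version and show running-config (the sample text is constructed from the advisory's examples) and reports which of the advisory's conditions hold. It lists the SPAN source interfaces but cannot tell from the configuration alone whether one of them is the FabricPath port, so that last step remains a manual check.

```python
import re

# Releases the advisory lists as affected.
VULNERABLE_RELEASES = {"7.2(1)D(1)", "7.2(2)D1(1)", "7.2(2)D1(2)"}

# Constructed sample output, modelled on the advisory's examples.
SAMPLE_SHOW_VERSION = """\
Software
  BIOS: version 2.12.0
  kickstart: version 7.2(2)D1(2)
  system: version 7.2(2)D1(2)
"""
SAMPLE_RUNNING_CONFIG = """\
version 7.2(2)D1(2)
feature-set fabricpath
feature pong
monitor session 1
  source interface Ethernet1/10 both
  destination interface Ethernet1/12
  no shut
"""

def system_version(show_version):
    """Extract the 'system: version X' field from 'show version' output (None if absent)."""
    m = re.search(r"^\s*system:\s+version\s+(\S+)", show_version, re.MULTILINE)
    return m.group(1) if m else None

def feature_enabled(running_config, line):
    """True if the exact config line (e.g. 'feature pong') is present; 'no feature pong' does not match."""
    return re.search(rf"^\s*{re.escape(line)}\s*$", running_config, re.MULTILINE) is not None

def span_source_interfaces(running_config):
    """Interfaces used as SPAN sources under any 'monitor session' block."""
    return re.findall(r"^\s*source interface (\S+)", running_config, re.MULTILINE)

def assess(show_version, running_config):
    """Evaluate the advisory's conditions; the operator still confirms that a listed
    SPAN source is the FabricPath port, which the running-config does not reveal."""
    sources = span_source_interfaces(running_config)
    conditions = {
        "vulnerable_release": system_version(show_version) in VULNERABLE_RELEASES,
        "pong_enabled": feature_enabled(running_config, "feature pong"),
        "fabricpath_enabled": feature_enabled(running_config, "feature-set fabricpath"),
        "span_session_configured": bool(sources),
    }
    return {**conditions, "span_sources": sources,
            "all_conditions_met": all(conditions.values())}

if __name__ == "__main__":
    print(assess(SAMPLE_SHOW_VERSION, SAMPLE_RUNNING_CONFIG))
```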

No other Cisco products are currently known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect Cisco NX-OS Software Releases 7.2(0)D1(1) and earlier.

Cisco has confirmed that this vulnerability does not affect Cisco Multilayer Director Switches, because the affected NX-OS releases are not available for this platform.



from Cisco Security Advisory http://ift.tt/2FKXTKu