—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
Advisory ID: cisco-sa-20171018-aaavty
Revision: 1.0
For Public Release: 2017 October 18 16:00 GMT
Last Updated: 2017 October 18 16:00 GMT
CVE ID(s): CVE-2017-3883
CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
+———————————————————————
Summary
=======
A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload.
An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload.
Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty”]
—–BEGIN PGP SIGNATURE—–
iQKBBAEBAgBrBQJZ53tIZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHkb5RAA23vzQ/m/i9LtTijz
nnKkrdFbUmro31EkdNtMx2s/exTTPcEfUl0A0girLJt5h0yuBTt0AmqB0lLkSEhb
/fAyWdnfvTiwjnNVGwqLJHg9WTohr9f4NM6JSp88M1DTZPMUolXQ7hV5LZ28e98/
BsqEGlN1FmllaklQYieR1NGQT8QRo1TM/aaoejeAgOywCVI7R4uT/g3aH0k425QQ
GJBfp80uzsSX/NU57tVJ1lpPB0EhlBkTUmPl0Wb34ZFlud67gBtBp1H6jBDEh/X2
XdZ7v+e21dhzN/E4ArTAqBx9XYEuzIJJGBqTXGXvLYntX525zh44DfaGDZPBotur
WjWNecDtJKDz7pwTS7fMJFKcddsPLvnFuOr/EfBw/7pjneZA6tJaXY85opYZjVHN
t7oOGDMIci2s8IOI0rL8jedMYEFcUoWbBvKKya5IE+Wzgi1OnVr1j060b53+QxqO
3TwCuj40gtk0jwEz8Qojm5bzWRoWiGHLntX/TF2+OJJLVaITwT1t/V10XItaNaw9
kgrwRk57vHA4CyAJk8zDKShCIZY9MJ5S8TpjR9bjR1r+Nno9x1o5aOvQ/L7B2/o6
lYlDhhblnMwxeBFQvEUq3H27aMVAjSzEpYzHC/f0FBD+2hK32kH5G12qaEQQWNP9
IRCwJASH+wZAEHfc3EO5t85WG3Q=
=AGKB
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com