—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco NX-OS Software Internet Group Management Protocol Snooping Remote Code Execution and Denial of Service Vulnerability
Advisory ID: cisco-sa-20180620-nxosigmp
Revision: 1.0
For Public Release: 2018 June 20 16:00 GMT
Last Updated: 2018 June 20 16:00 GMT
CVE ID(s): CVE-2018-0292
CVSS Score v(3): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+———————————————————————
Summary
=======
A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition.
The vulnerability is due to a buffer overflow condition in the IGMP Snooping subsystem. An attacker could exploit this vulnerability by sending crafted IGMP packets to an affected system. An exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosigmp [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosigmp”]
This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection [“https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770”].
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJbKnqGXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczGMgP/0OVYpwLEjZOEq28YzLdFTKjOcQN
hkAiI+3xhTs5BJ+xj3l3BKdIev4Sm/P8pCpkaAAfKwtZFcfwEwH4wyPF35hP4iVr
3r57q3F2927A9mUgfaQtqMGt0Mdydu7VNHCL2er39X+Fz28dl1f+caqEeIcBJFfE
7IhNrpX3stDIKjSfG6RHGxQzrR+oIEECwn9zaQkzbtoqMMbe2elGgMydc+IlCiVi
4SK4Ixy9dWzElNoRI1iuWGBDkZYtes8d7Q6/AXuMORNaWPz5lb7Wx/cyX844H1k7
8PZYCVIKQ8puH9zrPbTENo86zhde9mffdYCyBJ9cyk8OMVDcMIz9KKfHL3WJsZ+/
Y9SJ6onixhvreTXsUgO2ID8B/eQSsECSSqn9EJWkX6o1GRvmTXkt5C4YqjiFjgJS
Z95VKXEkwZjS7FIwlcAGexg8lEMdm+zzy8KCVzwxeTxwjJN7Ln4I0u45VYFFu62W
jPNzn2vnsG9X5zpBRGSoaGDNdtu2NUnbvo4fitwi2MF06C8mQufwASF/gWUb9v+b
7wTf8a23fVQRvOcZ7GPHpjp4v/xcAQpbtV6DCP50PE3ON7r4NtHE/UzslI0w/wBW
6n0jd+uZmpNTLZ4JfD1zpVVvU3cEJf45QfnDQsL3uYUrQITDyIE7MEQGdPf8tY3Y
Hpris2dOqXdAy7px
=JhQn
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com