Cisco Nexus 9000 Series Fabric Switches in ACI Mode SNMP Denial of Service Vulnerability
Summary
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper processing when parsing SNMP requests. An attacker could exploit this vulnerability by continuously sending SNMP queries to a specific MIB of an affected device. A successful exploit could allow the attacker to cause a kernel panic on the device, resulting in a reload and a DoS condition. Note: This vulnerability …
- Scope: This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI mode when both of the following conditions are met:
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- A workaround for this vulnerability exists for AAA providers that are configured with IPv4 DNS names. Update all AAA providers from a DNS name (hostname or FQDN) to an IPv4 address configuration. For more information about AAA configuration, see Cisco Application Centric Infrastructure Fundamentals, Release 6.1(x).
- There is no workaround for IPv6 configurations.
- While this workaround has been deployed and proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployme…
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.