A Denial of Service vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to user traffic flowing through the device. The attacker could use either a Telnet or an SSH client for the remote login attempt. Affected Products: This vulnerability affects Cisco Nexus 9000 Series Switches that are running Cisco NX-OS Software and are configured to allow remote Telnet connections to the device. More Information: CSCuy25824. Known Affected Releases: 7.0(3)I3(1) 8.3(0)CV(0.342) 8.3(0)CV(0.345). Known Fixed Releases: 8.3(0)CV(0.362) 8.0(1) 7.0(3)IED5(0.19) 7.0(3)IED5(0) 7.0(3)I4(1) 7.0(3)I4(0.8) 7.0(3)I2(2e) 7.0(3)F1(1.22) 7.0(3)F1(1) 7.0(3)F1(0.230).
References
Link | Resource |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-nss1 | Vendor Advisory |
http://www.securityfocus.com/bid/96920 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038046 |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2017-03-17 15:59
Updated : 2017-07-11 18:29
NVD link : CVE-2017-3879
Mitre link : CVE-2017-3879
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
cisco
- nexus_93180lc-ex_switch
- nexus_9372tx-e_switch
- nexus_9372px-e_switch
- nexus_92300yc_switch
- nexus_92304qc_switch
- nexus_92160yc_switch
- nexus_9272q_switch
- nexus_9332pq_switch
- nexus_9336pq_aci_spine_switch
- nexus_9508_switch
- nexus_93180yc-ex_switch
- nexus_9372tx_switch
- nexus_9396tx_switch
- nexus_93120tx_switch
- nexus_93108tc-ex_switch
- nexus_93128tx_switch
- nexus_9396px_switch
- nx-os
- nexus_9236c_switch
- nexus_9372px_switch