Cisco Nexus 3000 and 9000 Series Switches Intermediate System-to-Intermediate System Denial of Service Vulnerability
TL;DR 📌
A high-severity vulnerability has been identified in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco Nexus 3000 and 9000 Series Switches. This vulnerability could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) by sending a crafted IS-IS packet, leading to an unexpected device reload. Cisco has released software updates to address this issue, but no workarounds are available.
What happened 🕵️‍♂️
A vulnerability in the IS-IS feature of Cisco NX-OS Software could allow an adjacent attacker to exploit insufficient input validation when parsing IS-IS packets. By sending a specially crafted packet, the attacker could cause the IS-IS process to restart unexpectedly, resulting in a denial of service condition as the affected device reloads.
Affected products 🖥️
- Cisco Nexus 3000 Series Switches
- Cisco Nexus 9000 Series Switches in standalone NX-OS mode
To determine whether the IS-IS feature is enabled on a switch, use the command `show running-config | include isis`.
Fixed software 🔧
Upgrade to the first fixed release in your train (or later):
| Release / Product | First Fixed Release | Notes |
|---|---|---|

Advisory revision 1.0: initial public release.
Workarounds 🧯
There are no workarounds for this vulnerability. As a mitigation rather than a workaround, it is recommended to configure IS-IS area authentication: an attacker must then pass the authentication phase before the vulnerability can be triggered.
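A triage script to run over captured running-configs, covering both the `show running-config | include isis` check above and the area-authentication mitigation. This is an added example, not part of the Cisco advisory; the NX-OS keywords it matches (`feature isis`, `router isis`, `authentication-type`, `authentication key-chain`) and the sample configs are assumptions and should be verified against your release.

```python
# Added example, not from the Cisco advisory: triage saved NX-OS
# running-configs for IS-IS exposure before scheduling patches. The
# keywords matched (feature isis, router isis, authentication-type,
# authentication key-chain) are assumed NX-OS IS-IS syntax; verify them
# against your release before relying on this script.
import re

# Constructed sample configs: no IS-IS; IS-IS with no authentication;
# IS-IS with MD5 area authentication bound to a key chain.
SAMPLE_CONFIGS = {
    "n9k-core-1": "feature ospf\nrouter ospf 1\n  router-id 10.0.0.1\n",
    "n9k-core-2": "feature isis\nrouter isis CORE\n  net 49.0001.0000.0000.0002.00\n",
    "n3k-agg-1": (
        "feature isis\n"
        "key chain ISIS-KEY\n  key 1\n    key-string 7 PLACEHOLDER\n"
        "router isis CORE\n"
        "  net 49.0001.0000.0000.0003.00\n"
        "  authentication-type md5 level-2\n"
        "  authentication key-chain ISIS-KEY level-2\n"
    ),
}

ISIS_ENABLED = re.compile(r"^(feature|router) isis\b", re.M)
AUTH_TYPE = re.compile(r"^\s+authentication-type (md5|cleartext) level-[12]", re.M)
AUTH_KEYCHAIN = re.compile(r"^\s+authentication key-chain \S+ level-[12]", re.M)


def assess_config(config: str) -> str:
    """Classify one running-config; mirrors `show running-config | include isis`."""
    if not ISIS_ENABLED.search(config):
        return "not exposed via IS-IS (feature not enabled)"
    # Area authentication sits under `router isis`; count it only when both
    # the authentication type and a key chain are configured for a level.
    if AUTH_TYPE.search(config) and AUTH_KEYCHAIN.search(config):
        return "mitigated by IS-IS authentication; still schedule the patch"
    return "exposed: IS-IS enabled without authentication; patch first"


def triage(configs: dict) -> dict:
    """Map device name -> verdict, the input for the 'Now' device review."""
    return {name: assess_config(cfg) for name, cfg in configs.items()}


if __name__ == "__main__":
    for device, verdict in sorted(triage(SAMPLE_CONFIGS).items()):
        print(f"{device:12} {verdict}")
```

Feed it the configs collected from every Nexus 3000/9000 in scope to produce the device list for the Now step; devices in the "exposed" bucket go first in the patch schedule.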
Risk in context 🎯
The vulnerability has a CVSS score of 7.4, indicating a high risk. It is exploitable by an unauthenticated attacker who is Layer 2-adjacent to the affected device. There is potential for significant operational impact due to device reloads, which could disrupt network services.
Fast facts ⚡
- Vulnerability: IS-IS Denial of Service
- CVSS Score: 7.4 (High)
- Affected Products: Nexus 3000 and 9000 Series Switches
- Exploitation: Requires adjacent access
- Workarounds: None available
For leadership 🧭
This vulnerability poses a High risk to business operations due to its potential to cause denial of service through device reloads. The exposure is primarily driven by the need for an attacker to be Layer 2-adjacent to the affected device, which limits the attack surface but does not eliminate risk.
Remediation ask: Patch affected devices within 7 days using the released software updates.
Operational impact: Expect a brief maintenance window with no configuration drift anticipated.
Now / Next / Later:
- Now: Review and identify affected devices.
- Next: Schedule and apply the necessary software updates.
- Later: Monitor for any signs of exploitation or unusual network behavior.