Cisco Nexus 3000 and 9000 Series Switches Protocol Independent Multicast Version 6 Denial of Service Vulnerability
TL;DR 📌
A medium-severity vulnerability has been identified in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 and 9000 Series Switches. This flaw could allow an authenticated, low-privileged remote attacker to trigger a denial of service (DoS) condition. No workarounds are available, but Cisco has released software updates to address the issue.
What happened 🕵️♂️
A vulnerability in the PIM6 feature of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged remote attacker to crash the PIM6 process. This is due to improper processing of PIM6 ephemeral data queries. An attacker can exploit this vulnerability by sending a crafted ephemeral query through various methods, including NX-API REST, NETCONF, RESTConf, gRPC, or Model Driven Telemetry. Successful exploitation can lead to a DoS condition, causing potential adjacency flaps.
Affected products 🖥️
The vulnerability affects:
- Cisco Nexus 3000 Series Switches
- Cisco Nexus 9000 Series Switches
These devices must have the PIM6 feature enabled along with at least one of the following features:
- NX-API
- NETCONF
- RESTCONF
- gRPC
- Model Driven Telemetry
Note: The PIM4 feature is not affected.
Fixed software 🔧
Upgrade to the first fixed release in your train (or later):
| Release / Product | First Fixed Release | Notes |
|---|---|---|
| 1.0 | Initial public release. |
Workarounds 🧯
There are no workarounds available for this vulnerability.
Risk in context 🎯
The highest CVSS score for this vulnerability is 5.0, indicating a medium level of risk. The exposure is limited to authenticated users, and the impact is primarily on availability due to potential service disruptions. Organizations should prioritize applying the available software updates to mitigate this risk.
Fast facts ⚡
- Vulnerability: Denial of Service (DoS) in PIM6
- CVSS Score: 5.0 (Medium)
- Exploitation: Requires authenticated access
- Workarounds: None available
- Affected Features: PIM6 with NX-API, NETCONF, RESTCONF, gRPC, or Model Driven Telemetry enabled
For leadership 🧭
This vulnerability poses a Medium risk to your network infrastructure, with a CVSS score of 5.0. It requires authenticated access for exploitation, which limits exposure but still necessitates attention due to potential availability impacts from service disruptions.
Remediation ask: Please ensure that affected devices are patched within 7 days to mitigate the risk. The operational impact is expected to be minimal, requiring a brief maintenance window with no anticipated configuration drift.
Now / Next / Later:
- Now: Identify affected devices and assess the current software version.
- Next: Schedule and apply the necessary software updates.
- Later: Monitor for any signs of exploitation or service disruption.