PT-2014-3239 · Cisco · Cisco Nx-Os +1

Published: 2014-01-06 · Updated: 2017-08-29 · CVE-2013-6982

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Cisco NX-OS versions 6.2(2a) and earlier

Description

The issue is in the BGP implementation, which does not properly handle the interaction of UPDATE messages with the IPv6, VPNv4, and VPNv6 labeled unicast address families. This allows remote attackers to cause a denial of service (peer reset) via a crafted message. The vulnerability is due to improper processing of specifically crafted BGP update messages. An attacker could exploit it by crafting a specific BGP-labeled update message, potentially resetting all BGP peers on a Cisco NX-OS device configured with a VPNv4, VPNv6, or IPv6 labeled unicast address family. The exploit likely requires access to trusted, internal networks in order to send crafted BGP update messages to the targeted device.

Recommendations

For Cisco NX-OS versions 6.2(2a) and earlier, update to a newer version that includes the fix for this issue, as indicated by Cisco in its security notice. As a temporary workaround, consider restricting access to the BGP functionality to minimize the risk of exploitation.

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

CVE-2013-6982

Affected Products

Cisco Nx-Os
Cisco Nexus