CVE-2014-0677

Name of the Vulnerable Software and Affected Versions Cisco NX-OS (affected versions not specified)

Description The issue allows remote attackers to cause a denial of service, specifically a temporary LDP session outage, via LDP discovery traffic containing malformed Hello messages. This is due to how certain malformed LDP Hello messages are parsed. An attacker could exploit this by sending malformed LDP Hello messages to an affected device, causing it to stop accepting valid LDP sessions during a 60-second period. The vulnerability can be exploited by an attacker with access to trusted, internal networks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.