PT-2017-17220 · Cisco · Cisco Nx-Os
Published: 2017-06-07 · Updated: 2021-12-16 · CVE-2017-6655
CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Cisco NX-OS Software version 8.3(0)CV(0.833)
Description
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads. The vulnerability is due to a lack of proper FCoE frame padding validation. An attacker could exploit this vulnerability by sending a stream of crafted FCoE frames to the targeted device, which must be directly connected to the FCoE interface on the device that is running Cisco NX-OS Software.
Recommendations
For Cisco NX-OS Software version 8.3(0)CV(0.833), update to version 8.3(0)ISH(0.62), 8.3(0)CV(0.944), 8.1(1), 8.1(0.8)S0, or 7.3(2)D1(0.47) to resolve the issue. As a temporary workaround, consider restricting access to the FCoE interface to minimize the risk of exploitation.
Fix
DoS
Buffer Overflow
Affected Products
Cisco Nx-Os
Cisco Nexus