PT-2018-8798 · Cisco · Cisco Nexus 9000 Series Fabric Switches

Published

2018-07-18

Updated

2019-10-09

CVE-2018-0372

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode version 13.0(1k)
Description

A vulnerability in the DHCPv6 feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper memory management when DHCPv6 packets are received. An attacker could exploit it by sending a high number of malicious DHCPv6 packets to an affected device; a successful exploit causes the device to run low on system memory, which can lead to an eventual reboot of the affected device. Only IPv6 protocol packets are affected, and the vulnerability can be exploited only when unicast routing is enabled on the Bridge Domain (BD). The CVSS vector (C:N/I:N/A:C) reflects this: the impact is limited to availability, but the attack needs no authentication and is reachable over the network.
Recommendations

For Cisco Nexus 9000 Series Fabric Switches in ACI Mode version 13.0(1k), apply the vendor fix for CVE-2018-0372 once it is available for your release. Until then, reduce exposure: disable the DHCPv6 feature where it is not needed, disable unicast routing on Bridge Domains that do not require it (the vulnerability is exploitable only when unicast routing is enabled on the BD), and filter or rate-limit DHCPv6 traffic (UDP ports 546 and 547) so that only trusted clients and relays can reach the fabric. Each mitigation has a cost: disabling unicast routing on a BD changes forwarding for every endpoint in that BD, and filtering DHCPv6 at the edge breaks legitimate IPv6 address assignment unless the legitimate clients and servers are allowed, so validate the change in a maintenance window. Monitor system memory on the affected switches, since memory exhaustion precedes the reboot.
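The description above characterises the attack as a high-rate stream of DHCPv6 messages towards the fabric, which is something an operator can watch for while the mitigations are being rolled out. The following is an added example, written for this page and not taken from the advisory or from Cisco: an offline detector that parses raw IPv6/UDP frames (for instance from a SPAN or mirror capture feed), keeps only DHCPv6 messages, and flags any source whose message count within a sliding window exceeds a threshold. The threshold, the one-second window, the sample addresses and the constructed traffic in `sample_capture()` are all assumptions chosen for illustration; the parser deliberately does not walk IPv6 extension headers or verify UDP checksums.

```python
"""
Added example (not from the advisory or from Cisco): offline DHCPv6 flood
detector. Parses raw IPv6/UDP frames, keeps DHCPv6 (UDP 546/547), and flags
sources whose message rate in a sliding window exceeds a threshold.
Threshold, window and sample traffic are assumptions for illustration.
"""
import ipaddress
import struct
from collections import defaultdict, deque

UDP_PROTO = 17
DHCPV6_PORTS = {546, 547}   # client port / server-and-relay port (RFC 8415)


def build_dhcpv6_frame(src: str, dst: str, msg_type: int, xid: int) -> bytes:
    """Constructed test input: minimal IPv6 + UDP + DHCPv6 header, no options.
    The UDP checksum is left at 0 because the parser below does not verify it."""
    dhcp = struct.pack("!B", msg_type) + xid.to_bytes(3, "big")   # msg-type + 24-bit transaction-id
    udp_len = 8 + len(dhcp)
    udp = struct.pack("!HHHH", 546, 547, udp_len, 0) + dhcp
    ip6 = struct.pack("!IHBB", 6 << 28, udp_len, UDP_PROTO, 64)   # version 6, payload len, next hdr, hop limit
    ip6 += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return ip6 + udp


def parse_dhcpv6(frame: bytes):
    """Return (src, dst, msg_type) when `frame` is an IPv6/UDP packet carrying DHCPv6,
    else None. Extension headers are not walked (assumption: the flood is plain UDP)."""
    if len(frame) < 48 or frame[0] >> 4 != 6:
        return None                                   # not IPv6, or too short for IPv6 + UDP headers
    payload_len, next_hdr = struct.unpack("!HB", frame[4:7])
    if next_hdr != UDP_PROTO:
        return None
    src = ipaddress.IPv6Address(frame[8:24])
    dst = ipaddress.IPv6Address(frame[24:40])
    sport, dport, udp_len, _csum = struct.unpack("!HHHH", frame[40:48])
    if not ({sport, dport} & DHCPV6_PORTS):
        return None
    body = frame[48:40 + min(payload_len, udp_len)]   # honour the shorter of the two declared lengths
    if len(body) < 4:
        return None                                   # DHCPv6 header is msg-type (1) + transaction-id (3)
    return str(src), str(dst), body[0]


def detect_dhcpv6_flood(packets, threshold: int, window_s: float = 1.0) -> dict:
    """`packets` is an iterable of (timestamp_seconds, raw_frame) in time order.
    Returns {src: peak_count} for every source that sent more than `threshold`
    DHCPv6 messages inside any `window_s`-second sliding window."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    peak = defaultdict(int)
    for ts, frame in packets:
        parsed = parse_dhcpv6(frame)
        if parsed is None:
            continue
        src, _dst, _msg_type = parsed
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n > threshold}


def sample_capture():
    """Constructed traffic (assumption, not a real capture): a well-behaved client
    retrying SOLICIT every 2 s, one source bursting 200 SOLICITs in half a second
    towards the All_DHCP_Relay_Agents_and_Servers address, and one IPv4 frame."""
    benign, attacker, relay_mcast = "fe80::1", "fe80::dead:beef", "ff02::1:2"
    pkts = [(i * 2.0, build_dhcpv6_frame(benign, relay_mcast, 1, 0x100 + i)) for i in range(5)]
    pkts += [(3.0 + i * 0.0025, build_dhcpv6_frame(attacker, relay_mcast, 1, i)) for i in range(200)]
    pkts.append((4.0, b"\x45" + b"\x00" * 47))        # IPv4 header byte: ignored by the parser
    return sorted(pkts, key=lambda p: p[0])


if __name__ == "__main__":
    for src, n in detect_dhcpv6_flood(sample_capture(), threshold=50).items():
        print(f"DHCPv6 flood suspect {src}: {n} messages within 1 s")
```

With the constructed traffic the burst source is reported with a peak of 200 messages in the window while the retrying client, which never exceeds one message per window, is not. In practice the threshold should be set from a baseline of normal SOLICIT/RENEW rates on the BD in question, and alerts should be correlated with the switches' own memory utilisation, since that is the resource the advisory says the flood exhausts.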

Weakness Enumeration

Resource Exhaustion

Related Identifiers

CVE-2018-0372

Affected Products

Cisco Nexus 9000 Series Fabric Switches