CVE-2019-1617

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software versions prior to 7.0(3)I7(5) and 9.2(2)

Description A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to an incorrect processing of FCoE packets when the fcoe-npv feature is uninstalled. An attacker could exploit this vulnerability by sending a stream of FCoE frames from an adjacent host to an affected device, causing packet amplification to occur, resulting in the saturation of interfaces and a DoS condition.

Recommendations For versions prior to 7.0(3)I7(5), update to version 7.0(3)I7(5) or later. For versions prior to 9.2(2), update to version 9.2(2) or later. As a temporary workaround, consider disabling the fcoe-npv feature until a patch is available. Restrict access to the affected device to minimize the risk of exploitation.