CVE-2016-1454

Name of the Vulnerable Software and Affected Versions Cisco NX-OS versions 4.0 through 7.3 Cisco NX-OS versions 11.0 through 11.2

Description The issue allows remote attackers to cause a denial of service by sending a crafted BGP UPDATE message, leveraging a peer relationship. This is due to incomplete input validation of the BGP update messages. An attacker could exploit this by sending a crafted BGP update message to the targeted device, causing the switch to reload unexpectedly. The vulnerability may be triggered when the router receives a malformed BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable.

Recommendations For Cisco NX-OS versions 4.0 through 7.3, update to a version that includes the fix for this issue. For Cisco NX-OS versions 11.0 through 11.2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the BGP protocol to only trusted peers until a patch is available. If all BGP peers to the NX-OS Software are Cisco IOS, IOS-XE, or IOS-XR devices and those devices are not configured for Cisco Multicast VPN (MVPN) interautonomous system support, this issue cannot be remotely exploited, but it is still recommended to update to a fixed version.