PT-2018-3943 · Cisco · Nexus 5500 Platform Switches+21
Published: 2018-06-20
Updated: 2023-04-20
CVE-2018-0303
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cisco FXOS Software and Cisco NX-OS Software (affected versions not specified)
Firepower 4100 Series Next-Generation Firewalls (affected versions not specified)
Firepower 9300 Security Appliance (affected versions not specified)
MDS 9000 Series Multilayer Switches (affected versions not specified)
Nexus 1000V Series Switches (affected versions not specified)
Nexus 1100 Series Cloud Services Platforms (affected versions not specified)
Nexus 2000 Series Fabric Extenders (affected versions not specified)
Nexus 3000 Series Switches (affected versions not specified)
Nexus 3500 Platform Switches (affected versions not specified)
Nexus 5500 Platform Switches (affected versions not specified)
Nexus 5600 Platform Switches (affected versions not specified)
Nexus 6000 Series Switches (affected versions not specified)
Nexus 7000 Series Switches (affected versions not specified)
Nexus 7700 Series Switches (affected versions not specified)
Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode (affected versions not specified)
Nexus 9000 Series Switches in standalone NX-OS mode (affected versions not specified)
Nexus 9500 R-Series Line Cards and Fabric Modules (affected versions not specified)
UCS 6100 Series Fabric Interconnects (affected versions not specified)
UCS 6200 Series Fabric Interconnects (affected versions not specified)
UCS 6300 Series Fabric Interconnects (affected versions not specified)
Description
A vulnerability in the Cisco Discovery Protocol component could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2 adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device.
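A bounds-checked CDP parser, added here as an illustration; it is not Cisco's code and does not come from this advisory. The advisory does not say which header field is mishandled, so this shows the general length checks a CDP receiver needs on the 4-byte packet header and on each type/length/value header. The function name, error codes, 64-byte buffer and sample packets are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CDP_HDR_LEN 4      /* version(1) + TTL(1) + checksum(2) */
#define CDP_TLV_HDR 4      /* type(2) + length(2); length counts these 4 bytes */
#define CDP_T_DEVICE_ID 0x0001
#define DEVICE_ID_MAX 64   /* assumed local buffer size for this example */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 and fills dev_id on success, a negative code on malformed input.
 * The checksum is not verified here; only length handling is shown. */
int cdp_parse(const uint8_t *pkt, size_t len, char dev_id[DEVICE_ID_MAX])
{
    dev_id[0] = '\0';
    if (len < CDP_HDR_LEN) return -1;             /* truncated packet header */
    if (pkt[0] != 1 && pkt[0] != 2) return -2;    /* unknown CDP version */

    size_t off = CDP_HDR_LEN;
    while (off < len) {
        if (len - off < CDP_TLV_HDR) return -3;   /* truncated TLV header */
        uint16_t type = be16(pkt + off);
        uint16_t tlen = be16(pkt + off + 2);
        if (tlen < CDP_TLV_HDR) return -4;        /* value length would underflow */
        if (tlen > len - off) return -5;          /* claims more bytes than received */

        size_t vlen = (size_t)tlen - CDP_TLV_HDR;
        if (type == CDP_T_DEVICE_ID) {
            if (vlen >= DEVICE_ID_MAX) return -6; /* would overflow dev_id */
            memcpy(dev_id, pkt + off + CDP_TLV_HDR, vlen);
            dev_id[vlen] = '\0';
        }
        off += tlen;                              /* tlen >= 4, so the loop advances */
    }
    return 0;
}

/* Constructed sample packets (not captured traffic; checksum bytes are zero). */
static const uint8_t cdp_ok[]        = { 0x02, 0xb4, 0, 0, 0x00, 0x01, 0x00, 0x07, 's', 'w', '1' };
static const uint8_t cdp_overlong[]  = { 0x02, 0xb4, 0, 0, 0x00, 0x01, 0x01, 0x00, 's', 'w', '1' };
static const uint8_t cdp_underflow[] = { 0x02, 0xb4, 0, 0, 0x00, 0x01, 0x00, 0x02, 's', 'w', '1' };
```

Every length taken from the packet is compared against both the bytes actually received and the destination buffer before any copy, which is the class of check the description says was insufficient.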
Recommendations
For Cisco FXOS Software and Cisco NX-OS Software, update to a fixed version of the software.
For Firepower 4100 Series Next-Generation Firewalls, update to a fixed version of the software.
For Firepower 9300 Security Appliance, update to a fixed version of the software.
For MDS 9000 Series Multilayer Switches, update to a fixed version of the software.
For Nexus 1000V Series Switches, update to a fixed version of the software.
For Nexus 1100 Series Cloud Services Platforms, update to a fixed version of the software.
For Nexus 2000 Series Fabric Extenders, update to a fixed version of the software.
For Nexus 3000 Series Switches, update to a fixed version of the software.
For Nexus 3500 Platform Switches, update to a fixed version of the software.
For Nexus 5500 Platform Switches, update to a fixed version of the software.
For Nexus 5600 Platform Switches, update to a fixed version of the software.
For Nexus 6000 Series Switches, update to a fixed version of the software.
For Nexus 7000 Series Switches, update to a fixed version of the software.
For Nexus 7700 Series Switches, update to a fixed version of the software.
For Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, update to a fixed version of the software.
For Nexus 9000 Series Switches in standalone NX-OS mode, update to a fixed version of the software.
For Nexus 9500 R-Series Line Cards and Fabric Modules, update to a fixed version of the software.
For UCS 6100 Series Fabric Interconnects, update to a fixed version of the software.
For UCS 6200 Series Fabric Interconnects, update to a fixed version of the software.
For UCS 6300 Series Fabric Interconnects, update to a fixed version of the software.
As a temporary workaround, consider disabling the Cisco Discovery Protocol until a patch is available.
Fix
DoS
RCE
Buffer Overflow
Related Identifiers
Affected Products
Cisco FXOS
Cisco NX-OS
Cisco Nexus
Firepower 4100 Series Next-Generation Firewalls
Firepower 9300 Security Appliance
MDS 9000 Series Multilayer Switches
Nexus 1000V Series Switches
Nexus 1100 Series Cloud Services Platforms
Nexus 2000 Series Fabric Extenders
Nexus 3000 Series Switches
Nexus 3500 Platform Switches
Nexus 5500 Platform Switches
Nexus 5600 Platform Switches
Nexus 6000 Series Switches
Nexus 7000 Series Switches
Nexus 7700 Series Switches
Cisco Nexus 9000 Series Fabric Switches
Nexus 9000 Series Switches
Nexus 9500 R-Series Line Cards/Fabric Modules
UCS 6100 Series Fabric Interconnects
UCS 6200 Series Fabric Interconnects
UCS 6300 Series Fabric Interconnects