PT-2019-1559 · Cisco · Firepower 4100 Series Next-Generation Firewalls (+12 other affected products)

Published: 2019-03-06 · Updated: 2023-04-20 · CVE-2019-1597

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco FXOS Software versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75
Cisco NX-OS Software versions prior to 7.0(3)I7(1) on Nexus 3000 Series Switches
Cisco NX-OS Software versions prior to 7.0(3)I7(2) on Nexus 3500 Platform Switches
Cisco NX-OS Software versions prior to 8.2(1) on MDS 9000 Series Multilayer Switches and Nexus 7000 and 7700 Series Switches
Cisco NX-OS Software versions prior to 7.0(3)I7(1) on Nexus 9000 Series Switches in Standalone NX-OS Mode
Cisco UCS 6200 and 6300 Fabric Interconnect devices versions prior to 3.2(2b)
Firepower 4100 Series Next-Generation Firewalls versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75
Firepower 9300 Security Appliances versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75

Description

Multiple vulnerabilities exist in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software due to improper parsing of LDAP packets by an affected device. An unauthenticated, remote attacker could exploit these vulnerabilities by sending an LDAP packet crafted using Basic Encoding Rules (BER) to an affected device, causing the device to reload and resulting in a denial of service (DoS) condition. The LDAP packet must have a source IP address of an LDAP server configured on the targeted device.

Recommendations

For Cisco FXOS Software versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75, update to a fixed version.
For Cisco NX-OS Software versions prior to 7.0(3)I7(1) on Nexus 3000 Series Switches, update to a fixed version.
For Cisco NX-OS Software versions prior to 7.0(3)I7(2) on Nexus 3500 Platform Switches, update to a fixed version.
For Cisco NX-OS Software versions prior to 8.2(1) on MDS 9000 Series Multilayer Switches and Nexus 7000 and 7700 Series Switches, update to a fixed version.
For Cisco NX-OS Software versions prior to 7.0(3)I7(1) on Nexus 9000 Series Switches in Standalone NX-OS Mode, update to a fixed version.
For Cisco UCS 6200 and 6300 Fabric Interconnect devices versions prior to 3.2(2b), update to a fixed version.
For Firepower 4100 Series Next-Generation Firewalls versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75, update to a fixed version.
For Firepower 9300 Security Appliances versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75, update to a fixed version.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2019-01090
CVE-2019-1597

Affected Products

Cisco FXOS
Cisco NX-OS
Cisco Nexus
Cisco UCS 6200
Cisco UCS 6300
Firepower 4100 Series Next-Generation Firewalls
Firepower 9300 Security Appliance
MDS 9000 Series Multilayer Switches
Nexus 3000 Series Switches
Nexus 3500 Platform Switches
Nexus 7000 Series Switches
Nexus 7700 Series Switches
Nexus 9000 Series Switches