PT-2019-1560 · Cisco · Firepower 4100 Series Next-Generation Firewalls and 10 other products

Published: 2019-03-06 · Updated: 2023-04-20 · CVE-2019-1598

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Cisco FXOS Software: versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75
Cisco NX-OS Software: versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75
Firepower 4100 Series Next-Generation Firewalls: versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75
Firepower 9300 Security Appliances: versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75
MDS 9000 Series Multilayer Switches: versions prior to 8.2(1)
Nexus 3000 Series Switches: versions prior to 7.0(3)I7(1)
Nexus 3500 Platform Switches: versions prior to 7.0(3)I7(2)
Nexus 7000 and 7700 Series Switches: versions prior to 6.2(20), 7.3(2)D1(1), and 8.2(1)
Nexus 9000 Series Switches in Standalone NX-OS Mode: versions prior to 7.0(3)I7(1)
UCS 6200 and 6300 Fabric Interconnect: versions prior to 3.2(2b)
Description

The vulnerability is caused by improper parsing of LDAP packets by an affected device and allows an unauthenticated, remote attacker to make the device reload, resulting in a denial of service (DoS) condition. An attacker could exploit it by sending an LDAP packet crafted using Basic Encoding Rules (BER) to an affected device, with the source IP address of an LDAP server configured on the targeted device. A successful exploit could cause the affected device to reload.
Recommendations

Update to a fixed version:
Cisco FXOS Software versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75
Cisco NX-OS Software versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75
Firepower 4100 Series Next-Generation Firewalls versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75
Firepower 9300 Security Appliances versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75
MDS 9000 Series Multilayer Switches versions prior to 8.2(1)
Nexus 3000 Series Switches versions prior to 7.0(3)I7(1)
Nexus 3500 Platform Switches versions prior to 7.0(3)I7(2)
Nexus 7000 and 7700 Series Switches versions prior to 6.2(20), 7.3(2)D1(1), and 8.2(1)
Nexus 9000 Series Switches in Standalone NX-OS Mode versions prior to 7.0(3)I7(1)
UCS 6200 and 6300 Fabric Interconnect versions prior to 3.2(2b)

As a temporary workaround, consider restricting access to the LDAP feature until a patch is available.
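Added example, not code from the advisory or from Cisco: a Python inventory check that compares a device's running FXOS/NX-OS release string against the fixed versions listed above, so that each device can be flagged as "vulnerable", "fixed" or "unlisted train". The token-based ordering of Cisco release strings and the matching of a fixed release by its major.minor train are assumptions; anything below the listed fix in the same train is reported as vulnerable, which is the conservative result.

```python
import re
from typing import List, Tuple, Union

# Fixed versions per product family, transcribed from the advisory above.
FIXED_VERSIONS = {
    "FXOS": ["2.0.1.201", "2.2.2.54", "2.3.1.75"],
    "Firepower 4100/9300": ["2.0.1.201", "2.2.2.54", "2.3.1.75"],
    "MDS 9000": ["8.2(1)"],
    "Nexus 3000": ["7.0(3)I7(1)"],
    "Nexus 3500": ["7.0(3)I7(2)"],
    "Nexus 7000/7700": ["6.2(20)", "7.3(2)D1(1)", "8.2(1)"],
    "Nexus 9000 standalone": ["7.0(3)I7(1)"],
    "UCS 6200/6300 FI": ["3.2(2b)"],
}

Token = Tuple[int, Union[int, str]]


def tokenize(version: str) -> List[Token]:
    """Split '7.0(3)I7(1)' into comparable tokens.

    Numbers compare numerically, letters lexicographically (case-folded).
    Assumption: within one release train Cisco strings order by this sequence.
    """
    return [(0, int(t)) if t.isdigit() else (1, t.lower())
            for t in re.findall(r"\d+|[A-Za-z]+", version)]


def train(version: str) -> Tuple[int, int]:
    """Release train = first two numeric components, e.g. (7, 3) for 7.3(2)D1(1)."""
    nums = [int(t) for t in re.findall(r"\d+", version)]
    return (nums[0], nums[1])


def assess(product: str, running: str) -> str:
    """Classify a running release against the advisory's fixed releases."""
    fixes = FIXED_VERSIONS.get(product)
    if fixes is None:
        return "product not covered"
    # Assumption: the relevant fix is the one on the same major.minor train.
    same_train = [f for f in fixes if train(f) == train(running)]
    if not same_train:
        return "unlisted train"  # no fixed release given for this train; check vendor
    return "vulnerable" if tokenize(running) < tokenize(same_train[0]) else "fixed"


def assess_inventory(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Map (hostname, product, running_version) records to (hostname, status)."""
    return [(host, assess(product, ver)) for host, product, ver in inventory]
```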

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2019-01091
CVE-2019-1598

Affected Products

Cisco FXOS
Cisco NX-OS
Cisco Nexus
Firepower 4100 Series Next-Generation Firewalls
Firepower 9300 Security Appliance
MDS 9000 Series Multilayer Switches
Nexus 3000 Series Switches
Nexus 3500 Platform Switches
Nexus 7000/7700 Series Switches
Nexus 9000 Series Switches
UCS 6200/6300 Fabric Interconnect