PT-2019-1569 · Cisco · Cisco Nexus 5500 Series Switches
Published: 2019-03-06 · Updated: 2019-10-09
CVE-2019-1594
CVSS v3.1: 7.4 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Cisco Nexus 1000V Switch for VMware vSphere versions prior to 5.2(1)SV3(1.4b)
Cisco Nexus 3000 Series Switches versions prior to 7.0(3)I7(4)
Cisco Nexus 3500 Platform Switches versions prior to 7.0(3)I7(4)
Cisco Nexus 2000, 5500, 5600, and 6000 Series Switches versions prior to 7.3(5)N1(1) and 7.1(5)N1(1b)
Cisco Nexus 7000 and 7700 Series Switches versions prior to 8.2(3)
Cisco Nexus 9000 Series Fabric Switches in ACI Mode versions prior to 13.2(1l)
Cisco Nexus 9000 Series Switches in Standalone NX-OS Mode versions prior to 7.0(3)I7(4)
Description
A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. A successful exploit could allow the attacker to cause the Layer 2 (L2) forwarding process to restart multiple times, leading to a system-level restart of the device and a DoS condition.
Recommendations
For Cisco Nexus 1000V Switch for VMware vSphere versions prior to 5.2(1)SV3(1.4b), update to version 5.2(1)SV3(1.4b) or later.
For Cisco Nexus 3000 Series Switches versions prior to 7.0(3)I7(4), update to version 7.0(3)I7(4) or later.
For Cisco Nexus 3500 Platform Switches versions prior to 7.0(3)I7(4), update to version 7.0(3)I7(4) or later.
For Cisco Nexus 2000, 5500, 5600, and 6000 Series Switches versions prior to 7.3(5)N1(1) and 7.1(5)N1(1b), update to version 7.3(5)N1(1) or 7.1(5)N1(1b) or later.
For Cisco Nexus 7000 and 7700 Series Switches versions prior to 8.2(3), update to version 8.2(3) or later.
For Cisco Nexus 9000 Series Fabric Switches in ACI Mode versions prior to 13.2(1l), update to version 13.2(1l) or later.
For Cisco Nexus 9000 Series Switches in Standalone NX-OS Mode versions prior to 7.0(3)I7(4), update to version 7.0(3)I7(4) or later.
Fix
DoS
RCE
Related Identifiers
Affected Products
Cisco Nexus
Cisco Nexus 1000V Switch for VMware vSphere
Cisco Nexus 2000 Series Switches
Cisco Nexus 3000 Series Switches
Cisco Nexus 3500 Platform Switches
Cisco Nexus 5500 Series Switches
Cisco Nexus 5600 Series Switches
Cisco Nexus 6000 Series Switches
Cisco Nexus 7000 Series Switches
Cisco Nexus 7700 Series Switches
Cisco Nexus 9000 Series Fabric Switches
Cisco Nexus 9000 Series Switches
VMware vSphere