CVE-2019-1901

Name of the Vulnerable Software and Affected Versions Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software versions prior to 13.2(7f) or any 14.x release.

Description A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges. The issue is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this by sending a crafted LLDP packet to the targeted device, potentially leading to a buffer overflow condition. This could cause a DoS condition or allow the attacker to execute arbitrary code with root privileges. The vulnerability can only be exploited by directly targeting a connected interface, not by transit traffic through the device.

Recommendations For versions prior to 13.2(7f), update to version 13.2(7f) or later to resolve the issue. For any 14.x release, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the LLDP protocol to minimize the risk of exploitation.