PT-2021-2177 · Cisco · Cisco Nexus 9000 Series Fabric Switches

Published: 2021-02-24 · Updated: 2021-03-05 · CVE-2021-1230

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode (affected versions not specified)

Description: The issue is related to the implementation of the Border Gateway Protocol (BGP) in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode. It is due to an issue with the installation of routes upon receipt of a BGP update, which could allow an unauthenticated, remote attacker to cause a routing process to crash, leading to a denial of service (DoS) condition. An attacker could exploit this by sending a crafted BGP update to an affected device. This vulnerability applies to both Internal BGP (IBGP) and External BGP (EBGP). The Cisco implementation of BGP accepts incoming BGP traffic from explicitly configured peers only, so an attacker would need to send a specific BGP update message over an established TCP connection that appears to come from a trusted BGP peer.

Recommendations: As a temporary workaround, consider restricting access to the BGP protocol to minimize the risk of exploitation. To resolve the issue, update the Cisco Nexus 9000 Series Fabric Switches to a version that includes the fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2021-01084
CVE-2021-1230

Affected Products

Cisco Nexus 9000 Series Fabric Switches