Cisco patches high risk vulnerability in Nexus 9000 switches

Cisco has released security updates to address a high severity vulnerability in its Cisco Nexus 9000 Series Fabric Switches. Attackers could exploit this issue to take control of impacted devices.

The buffer overflow vulnerability CVE-2019-1901 exists in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software. An unauthenticated attacker could exploit this issue and cause a denial of service (DoS) condition or could execute arbitrary code with root privileges. To add, CVE-2019-1901 carries a CVSS base score of 8.8 (10 being the highest).

“The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to the targeted device. A successful exploit may lead to a buffer overflow condition that could either cause a DoS condition or allow the attacker to execute arbitrary code with root privileges,” Cisco stated in the advisory.

Cisco also cautioned that an attacker cannot exploit the vulnerability via transit traffic through the device. Instead, a crafted packet must be targeted to a directly connected interface.

Organizations should apply necessary updates as soon as possible.