Symptom
A vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a Telnet process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to user traffic flowing through the device.
The vulnerability is due to incomplete input validation of Telnet packet headers. An attacker could exploit this vulnerability by sending a crafted Telnet packet to an affected system during a remote Telnet login attempt. A successful exploit could allow the attacker to cause the Telnet process on the affected system to restart unexpectedly, resulting in a denial of service (DoS) condition for the Telnet process.
Conditions
The Telnet feature must be enabled on the device.
Further Problem Description
None.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 3 score. The Base CVSS score as of the time of evaluation is 5.3:
https://tools.cisco.com/security/center/cvssCalculator.x?version=3.0&vector=CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X
CVE ID CVE-2017-3878 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html