Symptom

An issue in the Cisco Discovery Protocol (CDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an out-of-bounds read condition for certain CDP TLVs. The issue is due to incomplete error checking of the CDP packet header fields. Cisco has evaluated the impact of the out-of-bound read and concluded that no exploitation was possible.

Conditions

This security issue affects the following Cisco products: * Firepower 4100 Series * Firepower 9300 Security Appliances * MDS 9000 Series Multilayer Switches * Nexus 1000 Virtual Edge for VMware vSphere * Nexus 1000V Switch for Microsoft Hyper-V * Nexus 1000V Switch for VMware vSphere * Nexus 3000 Series Switches * Nexus 5500 Platform Switches * Nexus 5600 Platform Switches * Nexus 6000 Series Switches * Nexus 7000 Series Switches * Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode * Nexus 9000 Series Switches in standalone NX-OS mode * UCS 6200 Series Fabric Interconnects * UCS 6300 Series Fabric Interconnects * UCS 6400 Series Fabric Interconnects

Workaround

None

Further Problem Description

None.

PSIRT Evaluation

Credit

Cisco would like to thank Qian Chen of Qihoo 360 Nirvan Team for reporting this security issue. The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels. If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html