-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3276.2
                    Cisco FXOS and NX-OS security updates
                               10 October 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco NX-OS
                   Cisco FXOS
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service   -- Remote/Unauthenticated
                   Unauthorised Access -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-1969 CVE-2019-1968 CVE-2019-1967 CVE-2019-1965
                   CVE-2019-1964 CVE-2019-1963 CVE-2019-1962

Original Bulletin:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ntp-dos
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-snmp-bypass

Comment: This bulletin contains seven (7) Cisco Systems security advisories.
Revision History:  October 10 2019: Updated cisco-sa-20190828-fxnxos-snmp-dos /
                                    cisco-sa-20190828-nxos-fsip-dos /
                                    cisco-sa-20190828-nxos-ntp-dos /
                                    cisco-sa-20190828-nxos-memleak-dos
                   August  29 2019: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol
Denial of Service Vulnerability

Priority:        High
Advisory ID:     cisco-sa-20190828-fxnxos-snmp-dos
First Published: 2019 August 28 16:00 GMT
Last Updated:    2019 October 8 14:45 GMT
Version 1.1:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvn13270 CSCvn23529 CSCvn23531 CSCvn23532 CSCvn23534
                 CSCvn23535 CSCvn23536 CSCvn23537 CSCvn23538
CVE-2019-1963    CWE-20
CVSS Score:      7.7  AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the Simple Network Management Protocol (SNMP) input
    packet processor of Cisco FXOS Software and Cisco NX-OS Software could
    allow an authenticated, remote attacker to cause the SNMP application on
    an affected device to restart unexpectedly.

    The vulnerability is due to improper validation of Abstract Syntax
    Notation One (ASN.1)-encoded variables in SNMP packets. An attacker could
    exploit this vulnerability by sending a crafted SNMP packet to the SNMP
    daemon on the affected device. A successful exploit could allow the
    attacker to cause the SNMP application to restart multiple times, leading
    to a system-level restart and a denial of service (DoS) condition.

    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos

    This advisory is part of the August 2019 Cisco FXOS and NX-OS Software
    Security Advisory Bundled Publication, which includes five Cisco Security
    Advisories that describe five vulnerabilities.
    For a complete list of the advisories and links to them, see Cisco Event
    Response: August 2019 Cisco FXOS and NX-OS Software Security Advisory
    Bundled Publication.

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they have SNMP
    configured and they are running a vulnerable release of Cisco FXOS or
    NX-OS Software:

      - Firepower 4100 Series
      - Firepower 9300 Security Appliances
      - MDS 9000 Series Multilayer Switches
      - Nexus 1000 Virtual Edge for VMware vSphere
      - Nexus 1000V Switch for Microsoft Hyper-V
      - Nexus 1000V Switch for VMware vSphere
      - Nexus 3000 Series Switches
      - Nexus 3500 Platform Switches
      - Nexus 3600 Platform Switches
      - Nexus 5500 Platform Switches
      - Nexus 5600 Platform Switches
      - Nexus 6000 Series Switches
      - Nexus 7000 Series Switches
      - Nexus 7700 Series Switches
      - Nexus 9000 Series Fabric Switches in Application Centric
        Infrastructure (ACI) mode
      - Nexus 9000 Series Switches in standalone NX-OS mode
      - Nexus 9500 R-Series Switching Platform
      - UCS 6200 Series Fabric Interconnects
      - UCS 6300 Series Fabric Interconnects
      - UCS 6400 Series Fabric Interconnects

    For information about which Cisco FXOS and NX-OS Software releases are
    vulnerable, see the Fixed Software section of this advisory.

    Determine the Status of SNMP

    The following subsections describe how to determine whether SNMP is
    running on a device.

    Determine the Status of SNMP for Cisco FXOS Software

    Administrators can determine whether SNMP is running on a device by using
    the show configuration | include snmp command in the device CLI. If the
    command returns output, SNMP is configured.

      fxos-switch# show configuration | include snmp
          enable snmp

    Determine the Status of SNMP for Cisco NX-OS Software

    Administrators can determine whether SNMP is running on a device by using
    the show running-config snmp command in the device CLI. If the command
    returns output, SNMP is configured.

      nxos-switch# show running-config snmp
      .
      .
      .
      snmp-server user admin network-admin auth md5 ***** priv ***** localizedkey
      snmp-server community community-string group network-admin

    Determine the Status of SNMP for Cisco UCS

    Administrators can determine whether SNMP is running on a device by using
    the show configuration | grep snmp command in the device CLI. If the
    command returns output, SNMP is configured.

      # show configuration | grep snmp
          enable snmp

  o Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco
    Firepower 2100 Series.

Details

  o SNMP is an application-layer protocol that provides a standardized
    framework and a common language for monitoring and managing devices in a
    network. It defines a message format for communication between SNMP
    managers and agents. An SNMP agent gathers data from the SNMP MIB, which
    is the repository of information about device parameters and network
    data. It also responds to requests from an SNMP manager to get or set
    data. An SNMP agent contains MIB variables for which values can be
    requested or changed by an SNMP manager by using get or set operations.

    This vulnerability affects all versions of SNMP supported on the device:
    versions 1, 2c, and 3. An attacker could exploit this vulnerability by
    sending a specific SNMP packet to an affected device using IPv4 or IPv6.
    Only traffic directed to an affected system can be used to exploit this
    vulnerability. This vulnerability is not exploitable if the device is
    configured only to send SNMP traps.

    To exploit this vulnerability by using SNMP Version 2c or earlier, the
    attacker must know the SNMP read-only community string for the affected
    system. A community string is a password that is applied to a device to
    restrict both read-only and read-write access to the SNMP data on the
    device.
    These community strings, as with all passwords, should be chosen
    carefully to ensure that they are not trivial. They should also be
    changed at regular intervals and in accordance with network security
    policies. For example, the strings should be changed when a network
    administrator changes roles or leaves the organization.

    To exploit this vulnerability by using SNMP Version 3 (SNMPv3), the
    attacker must have SNMPv3 credentials for the affected system.

Workarounds

  o There are no workarounds that address this vulnerability.

    Mitigation for Cisco NX-OS Software

    As a mitigation for the vulnerability that is described in this advisory,
    administrators of systems that are running Cisco NX-OS Software can
    configure an access control list (ACL) on an SNMP community to filter
    incoming SNMP requests to ensure that SNMP polling is performed only by
    trusted SNMP clients.

    In the following example, the device will accept incoming SNMPv2c
    requests only from a single trusted host, 192.168.1.2:

      switch# show access-list acl_for_snmp
      IPV4 ACL acl_for_snmp
              10 permit udp 192.168.1.2/32 192.168.1.3/32 eq snmp

    To implement the preceding ACL, administrators can add it to the
    snmp-server community configuration command:

      switch# show running-config snmp
      !Command: show running-config snmp
      snmp-server community mycompany use-acl acl_for_snmp

    For additional information about configuring ACLs to filter incoming SNMP
    requests, see Filtering SNMP Requests in the Cisco NX-OS Configuration
    Guide.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license.
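The following script is an added example (not code from Cisco or from the AusCERT bulletin) that turns the mitigation above into a repeatable check: it reads the text of `show running-config snmp`, reports every SNMPv1/v2c community that has no `use-acl` bound to it, and builds the NX-OS lines that restrict polling to named trusted hosts, modelled on the advisory's `acl_for_snmp` example. The sample configuration is constructed; `ip access-list` is assumed here as the standard NX-OS command for defining a named IPv4 ACL.

```python
"""Audit NX-OS SNMP communities for the use-acl mitigation and emit the fix.

Added example, not part of the Cisco advisory or the AusCERT bulletin.
"""
import re

# Constructed sample, modelled on the advisory's `show running-config snmp`
# output: one community is already bound to an ACL, one is not.
SAMPLE_RUNNING_CONFIG = """\
!Command: show running-config snmp
snmp-server user admin network-admin auth md5 ***** priv ***** localizedkey
snmp-server community public group network-operator
snmp-server community mycompany group network-admin
snmp-server community mycompany use-acl acl_for_snmp
"""

COMMUNITY_RE = re.compile(r"^snmp-server community (\S+) group (\S+)$")
USE_ACL_RE = re.compile(r"^snmp-server community (\S+) use-acl (\S+)$")


def audit_communities(running_config):
    """Map each configured community to the ACL bound to it (None if none)."""
    communities = {}
    for raw in running_config.splitlines():
        line = raw.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            # setdefault keeps an ACL recorded earlier if the lines are reordered
            communities.setdefault(m.group(1), None)
            continue
        m = USE_ACL_RE.match(line)
        if m:
            communities[m.group(1)] = m.group(2)
    return communities


def unprotected_communities(running_config):
    """Communities that any host knowing the string can poll (no use-acl)."""
    return sorted(name for name, acl in audit_communities(running_config).items()
                  if acl is None)


def mitigation_config(community, device_ip, trusted_hosts, acl_name="acl_for_snmp"):
    """NX-OS configuration permitting SNMP (UDP 161) only from trusted_hosts.

    device_ip is the address the SNMP clients poll. The advisory's example uses
    192.168.1.3 as the device and 192.168.1.2 as the single trusted client.
    `ip access-list` is assumed to be the NX-OS command that creates the ACL.
    """
    lines = [f"ip access-list {acl_name}"]
    for seq, host in enumerate(trusted_hosts, start=1):
        lines.append(f"  {seq * 10} permit udp {host}/32 {device_ip}/32 eq snmp")
    lines.append(f"snmp-server community {community} use-acl {acl_name}")
    return lines


if __name__ == "__main__":
    for name in unprotected_communities(SAMPLE_RUNNING_CONFIG):
        print(f"community '{name}' has no use-acl; suggested configuration:")
        print("\n".join(mitigation_config(name, "192.168.1.3", ["192.168.1.2"])))
```

Running the script against the constructed sample flags only `public`; `mycompany` is already bound to `acl_for_snmp`. Note that the ACL only narrows who can reach the SNMP daemon; the advisory still lists the fixed release as the actual remedy.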
    By installing, downloading, accessing, or otherwise using such software
    upgrades, customers agree to follow the terms of the Cisco software
    license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco
    authorized reseller or partner. In most cases this will be a maintenance
    upgrade to software that was previously purchased. Free security software
    updates do not entitle customers to a new software license, additional
    software feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate release as indicated in
    the applicable table in this section.
    To help ensure a complete upgrade solution, customers should consider that
    this advisory is part of a bundled publication. The following page
    provides a complete list of bundle advisories: Cisco Event Response:
    August 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled
    Publication.

    In the following table(s), the left column lists releases of Cisco FXOS
    Software or Cisco NX-OS Software. The center column indicates whether a
    release is affected by the vulnerability described in this advisory and
    the first release that includes the fix for this vulnerability. The right
    column indicates whether a release is affected by all the vulnerabilities
    described in this bundle and which release includes fixes for those
    vulnerabilities.

    Firepower 4100 Series and Firepower 9300 Security Appliances: CSCvn23536

    +--------------------------+---------------------------+---------------------------------+
    | Cisco FXOS               | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | Earlier than 2.2         | 2.2.2.91                  | 2.2.2.91                        |
    | 2.2                      | 2.2.2.91                  | 2.2.2.91                        |
    | 2.3                      | 2.3.1.130                 | 2.3.1.130                       |
    | 2.4                      | 2.4.1.222                 | 2.4.1.222                       |
    | 2.6                      | Not vulnerable            | Not vulnerable                  |
    +--------------------------+---------------------------+---------------------------------+

    MDS 9000 Series Multilayer Switches: CSCvn23531

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | 5.2                      | 6.2(29)                   | 6.2(29)                         |
    | 6.2                      | 6.2(29)                   | 6.2(29)                         |
    | 7.3                      | 8.3(2)                    | 8.4(1)                          |
    | 8.1                      | 8.3(2)                    | 8.4(1)                          |
    | 8.2                      | 8.3(2)                    | 8.4(1)                          |
    | 8.3                      | 8.3(2)                    | 8.4(1)                          |
    | 8.4                      | Not vulnerable            | Not vulnerable                  |
    +--------------------------+---------------------------+---------------------------------+

    Nexus 1000 Virtual Edge for VMware vSphere: CSCvn23532

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | 5.2                      | 5.2(1)SV5(1.2)            | 5.2(1)SV5(1.2)                  |
    +--------------------------+---------------------------+---------------------------------+

    Nexus 1000V Switch for Microsoft Hyper-V: CSCvn23537

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | Earlier than 5.2         | No fix at this time       | No fix at this time             |
    | 5.2                      | No fix at this time       | No fix at this time             |
    +--------------------------+---------------------------+---------------------------------+

    Nexus 1000V Switch for VMware vSphere: CSCvn23532

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | Earlier than 5.2         | 5.2(1)SV3(4.1a)           | 5.2(1)SV3(4.1a)                 |
    | 5.2                      | 5.2(1)SV3(4.1a)           | 5.2(1)SV3(4.1a)                 |
    +--------------------------+---------------------------+---------------------------------+

    Nexus 3000 Series Switches, Nexus 3500 Platform Switches, and Nexus 9000
    Series Switches in Standalone NX-OS Mode: CSCvn13270

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | Earlier than 7.0(3)I4 ^2 | Not vulnerable            | 7.0(3)I4(9) ^2                  |
    | 7.0(3)I4 ^2              | 7.0(3)I4(9) ^2            | 7.0(3)I4(9) ^2                  |
    | 7.0(3)I7                 | 7.0(3)I7(6)               | 7.0(3)I7(6)                     |
    | 9.2                      | 9.2(3)                    | 9.2(3)                          |
    | 9.3                      | Not vulnerable            | Not vulnerable                  |
    +--------------------------+---------------------------+---------------------------------+

    2. The 7.0(3)I4 code train is not applicable to Nexus 3500 Platform
       Switches.

    Nexus 3600 Platform Switches and Nexus 9500 R-Series Switching Platform:
    CSCvn13270

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | 7.0(3)F                  | 9.2(3)                    | 9.2(3)                          |
    | 9.2                      | 9.2(3)                    | 9.2(3)                          |
    | 9.3                      | Not vulnerable            | Not vulnerable                  |
    +--------------------------+---------------------------+---------------------------------+

    Nexus 5500 and 5600 Platform Switches and Nexus 6000 Series Switches:
    CSCvn23534

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | Earlier than 7.1         | 7.1(5)N1(1b)              | 7.1(5)N1(1b)                    |
    | 7.1                      | 7.1(5)N1(1b)              | 7.1(5)N1(1b)                    |
    | 7.3                      | 7.3(5)N1(1)               | 7.3(5)N1(1)                     |
    +--------------------------+---------------------------+---------------------------------+

    Nexus 7000 and 7700 Series Switches: CSCvn23531

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | Earlier than 6.2         | 6.2(22)                   | 6.2(22)                         |
    | 6.2                      | 6.2(22)                   | 6.2(22)                         |
    | 7.2                      | 7.3(4)D1(1)               | 7.3(4)D1(1)                     |
    | 7.3                      | 7.3(4)D1(1)               | 7.3(4)D1(1)                     |
    | 8.0                      | 8.2(3)                    | 8.2(3)                          |
    | 8.1                      | 8.2(3)                    | 8.2(3)                          |
    | 8.2                      | 8.2(3)                    | 8.2(3)                          |
    | 8.3                      | 8.3(2)                    | 8.4(1)                          |
    | 8.4                      | Not vulnerable            | Not vulnerable                  |
    +--------------------------+---------------------------+---------------------------------+

    Nexus 9000 Series Fabric Switches in ACI Mode: CSCvn23529

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | Earlier than 13.1        | 13.2(7k)                  | 13.2(7k)                        |
    | 13.1                     | 13.2(7k)                  | 13.2(7k)                        |
    | 13.2                     | 13.2(7k)                  | 13.2(7k)                        |
    | 14.0                     | 14.0(2c)                  | 14.0(2c)                        |
    | 14.1                     | 14.1(1i)                  | 14.1(1i)                        |
    +--------------------------+---------------------------+---------------------------------+

    UCS 6200, 6300, and 6400 Series Fabric Interconnects: CSCvn23535 and
    CSCvn23538

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | Earlier than 3.2         | 3.2(3l)                   | 3.2(3l)                         |
    | 3.2                      | 3.2(3l)                   | 3.2(3l)                         |
    | 4.0                      | 4.0(4e)                   | 4.0(4e)                         |
    +--------------------------+---------------------------+---------------------------------+

    Additional Resources

    For help determining the best Cisco NX-OS Software release for a Cisco
    Nexus Switch, administrators can refer to the following Recommended
    Releases documents. If a security advisory recommends a later release,
    Cisco recommends following the advisory guidance.

      - Cisco MDS Series Switches
      - Cisco Nexus 1000V for VMware Switch
      - Cisco Nexus 3000 Series and 3500 Series Switches
      - Cisco Nexus 5000 Series Switches
      - Cisco Nexus 5500 Platform Switches
      - Cisco Nexus 6000 Series Switches
      - Cisco Nexus 7000 Series Switches
      - Cisco Nexus 9000 Series Switches
      - Cisco Nexus 9000 Series ACI-Mode Switches

    For help determining the best Cisco NX-OS Software release for Cisco UCS,
    refer to the Recommended Releases documents in the release notes for the
    device.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.
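Reading a fleet's running releases off the Fixed Releases tables by hand is error-prone because NX-OS release strings such as 7.0(3)I7(6) or 8.3(2) do not sort as plain numbers. The script below is an added example, not code from Cisco or from the AusCERT bulletin: it copies three of the "First Fixed Release for This Vulnerability" columns from the tables above (CSCvn23531 for MDS 9000, CSCvn13270 for Nexus 3000/3500/9000 standalone, CSCvn23531 for Nexus 7000/7700) and decides whether a given release is vulnerable, fixed, or in a train the table marks Not vulnerable. The ordering rule (numeric fields compared as integers, letter fields alphabetically, a shorter string before its extensions) is this example's own assumption about Cisco release strings, and the inventory hostnames and releases are constructed.

```python
"""Check NX-OS release strings against the advisory's fixed-release tables.

Added example, not part of the Cisco advisory or the AusCERT bulletin.
"""
import re

# Per-train first fixed release for this vulnerability, copied from the tables
# in the advisory. None means the table lists the train as "Not vulnerable".
MDS_9000 = {"5.2": "6.2(29)", "6.2": "6.2(29)", "7.3": "8.3(2)", "8.1": "8.3(2)",
            "8.2": "8.3(2)", "8.3": "8.3(2)", "8.4": None}
# The table's "Earlier than 7.0(3)I4" row is Not vulnerable for this bug; such
# releases come back as "train not listed" here and must be read off the table.
NEXUS_3000_9000_STANDALONE = {"7.0(3)I4": "7.0(3)I4(9)", "7.0(3)I7": "7.0(3)I7(6)",
                              "9.2": "9.2(3)", "9.3": None}
NEXUS_7000_7700 = {"6.2": "6.2(22)", "7.2": "7.3(4)D1(1)", "7.3": "7.3(4)D1(1)",
                   "8.0": "8.2(3)", "8.1": "8.2(3)", "8.2": "8.2(3)",
                   "8.3": "8.3(2)", "8.4": None}


def parse_release(release):
    """Turn '7.0(3)I7(6)' into a comparable tuple of (kind, value) fields.

    Numeric fields become (0, int) and letter fields (1, str), so tuples
    compare element-wise without ever comparing an int with a str.
    """
    fields = re.findall(r"\d+|[A-Za-z]+", release)
    return tuple((0, int(f)) if f.isdigit() else (1, f.upper()) for f in fields)


def release_status(release, table, earlier_than_fix=None):
    """Return (status, first_fixed) for a running release.

    status is 'vulnerable', 'fixed', 'not vulnerable' or 'train not listed'.
    earlier_than_fix is the fix from the table's "Earlier than <lowest train>"
    row, if the table has one.
    """
    rel = parse_release(release)
    # A train matches when its parsed form is a prefix of the release; the
    # longest match wins so 7.0(3)I7 beats 7.0 for release 7.0(3)I7(5).
    matching = [t for t in table if rel[:len(parse_release(t))] == parse_release(t)]
    if not matching:
        lowest = min(table, key=parse_release)
        if earlier_than_fix and rel < parse_release(lowest):
            return ("vulnerable", earlier_than_fix)
        return ("train not listed", None)
    train = max(matching, key=lambda t: len(parse_release(t)))
    fixed = table[train]
    if fixed is None:
        return ("not vulnerable", None)
    if rel < parse_release(fixed):
        return ("vulnerable", fixed)
    return ("fixed", fixed)


def check_inventory(inventory):
    """inventory: list of (hostname, release, table, earlier_than_fix)."""
    return {host: release_status(rel, table, earlier)
            for host, rel, table, earlier in inventory}


# Constructed fleet; hostnames and releases are made up for the example.
SAMPLE_INVENTORY = [
    ("mds-core-1", "6.2(27)", MDS_9000, None),
    ("mds-core-2", "8.4(1)", MDS_9000, None),
    ("n9k-leaf-1", "7.0(3)I7(5)", NEXUS_3000_9000_STANDALONE, None),
    ("n7k-agg-1", "5.2(9)", NEXUS_7000_7700, "6.2(22)"),
    ("n7k-agg-2", "7.3(4)D1(1)", NEXUS_7000_7700, None),
]

if __name__ == "__main__":
    for host, (status, fix) in check_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status:18} first fixed: {fix}")
```

The "first fixed for this vulnerability" column is deliberately the one encoded: the right-hand bundle column is usually later (for example 8.4(1) rather than 8.3(2) on MDS 9000), so a release that this check reports as fixed can still be exposed to another advisory in the bundle.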
Related to This Advisory

  o Cisco Event Response: August 2019 Cisco FXOS and NX-OS Software Security
    Advisory Bundled Publication

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos

Revision History

  o +---------+-------------------------+----------+--------+-----------------+
    | Version | Description             | Section  | Status | Date            |
    +---------+-------------------------+----------+--------+-----------------+
    | 1.1     | Updated the MDS and UCS | Fixed    | Final  | 2019-October-08 |
    |         | fixed release tables.   | Software |        |                 |
    +---------+-------------------------+----------+--------+-----------------+
    | 1.0     | Initial public release. | -        | Final  | 2019-August-28  |
    +---------+-------------------------+----------+--------+-----------------+

- --------------------------------------------------------------------------------

Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service
Vulnerability

Priority:        High
Advisory ID:     cisco-sa-20190828-nxos-fsip-dos
First Published: 2019 August 28 16:00 GMT
Last Updated:    2019 October 8 14:45 GMT
Version 1.1:     Final
Workarounds:     No workarounds available
CVE-2019-1962    CWE-20
CVSS Score:      8.6  AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the Cisco Fabric Services component of Cisco NX-OS
    Software could allow an unauthenticated, remote attacker to cause process
    crashes, which can result in a denial of service (DoS) condition on an
    affected system.

    The vulnerability is due to insufficient validation of TCP packets when
    processed by the Cisco Fabric Services over IP (CFSoIP) feature. An
    attacker could exploit this vulnerability by sending a malicious Cisco
    Fabric Services TCP packet to an affected device. A successful exploit
    could allow the attacker to cause process crashes, resulting in a device
    reload and a DoS condition.

    Note: There are three distribution methods that can be configured for
    Cisco Fabric Services.
    This vulnerability affects only distribution method CFSoIP, which is
    disabled by default. See the Details section for more information.

    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos

    This advisory is part of the August 2019 Cisco FXOS and NX-OS Software
    Security Advisory Bundled Publication, which includes five Cisco Security
    Advisories that describe five vulnerabilities. For a complete list of the
    advisories and links to them, see Cisco Event Response: August 2019 Cisco
    FXOS and NX-OS Software Security Advisory Bundled Publication.

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are
    running a vulnerable release of Cisco NX-OS Software with CFSoIP enabled:

      - MDS 9000 Series Multilayer Switches
      - Nexus 3000 Series Switches
      - Nexus 3500 Platform Switches
      - Nexus 3600 Platform Switches
      - Nexus 5500 Platform Switches
      - Nexus 5600 Platform Switches
      - Nexus 6000 Series Switches
      - Nexus 7000 Series Switches
      - Nexus 7700 Series Switches
      - Nexus 9000 Series Switches in standalone NX-OS mode
      - Nexus 9500 R-Series Switching Platform
      - UCS 6200 Series Fabric Interconnects
      - UCS 6300 Series Fabric Interconnects

    Administrators can display the distribution status of Cisco Fabric
    Services for a device by using the show cfs status command in the device
    CLI, as shown in the following example:

      switch# show cfs status
      Distribution : Enabled
      Distribution over IP : Disabled
      IPv4 multicast address : 239.255.70.83
      IPv6 multicast address : ff15::efff:4653
      Distribution over Ethernet : Disabled

    In the preceding example, the Enabled value in the Distribution field of
    the command output indicates that Cisco Fabric Services is enabled for the
    device and the device is configured to use the default Cisco Fabric
    Services distribution type, which is CFSoFC. The Disabled value in the
    Distribution over IP field and the Distribution over Ethernet field
    indicates that the device is not configured to use the CFSoIP and CFSoE
    distribution types.

    For information about which Cisco NX-OS Software releases are vulnerable,
    see the Fixed Software section of this advisory.

  o Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

      - Firepower 2100 Series
      - Firepower 4100 Series
      - Firepower 9300 Security Appliances
      - Nexus 1000V Switch for Microsoft Hyper-V
      - Nexus 1000V Switch for VMware vSphere
      - Nexus 1000 Virtual Edge for VMware vSphere
      - Nexus 9000 Series Fabric Switches in Application Centric
        Infrastructure (ACI) mode
      - UCS 6400 Series Fabric Interconnects

Details

  o Cisco Fabric Services provides a common infrastructure for distributing
    and synchronizing configuration data between Cisco devices that are on
    the same network and with virtual port channels (vPCs). This includes
    configuration data for applications and features that are compatible
    with and enabled to use Cisco Fabric Services, for example, Distributed
    Device Alias Services, Network Time Protocol (NTP), and user and
    administrator roles.

    To distribute and synchronize data, Cisco Fabric Services can be
    configured to use any of the following distribution types:

      - Cisco Fabric Services over Fiber Channel (CFSoFC) - Distributes data
        over a Fiber Channel (FC), such as a virtual storage area network
        (VSAN). CFSoFC distribution is enabled by default.
      - Cisco Fabric Services over Ethernet (CFSoE) - Distributes data over an
        Ethernet network. For vPC support, Cisco Fabric Services must be
        configured to use this distribution type. CFSoE distribution is
        disabled by default.
      - Cisco Fabric Services over IP (CFSoIP) - Distributes data over an IPv4
        or IPv6 network. CFSoIP distribution is disabled by default.

    Note: The vulnerability described in this advisory is due to insufficient
    input validation that could occur when the affected software processes
    CFSoIP TCP packets received during distribution and synchronization
    operations. An attack is possible from any node that has IP network
    connectivity to the management interface of an affected device and
    cannot occur from the data plane.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license.

    By installing, downloading, accessing, or otherwise using such software
    upgrades, customers agree to follow the terms of the Cisco software
    license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco
    authorized reseller or partner. In most cases this will be a maintenance
    upgrade to software that was previously purchased. Free security software
    updates do not entitle customers to a new software license, additional
    software feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.
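Since only the CFSoIP distribution type is affected, the exposure check for this advisory is the show cfs status reading described above, repeated across a fleet. The script below is an added example, not code from Cisco or from the AusCERT bulletin: it parses the "field : value" lines of show cfs status and reports whether a device is running CFSoIP, treating a device whose Distribution field is Disabled as not distributing at all (that reading of a globally disabled CFS is this example's assumption). The two sample outputs are constructed to match the advisory's format.

```python
"""Decide from `show cfs status` whether a device runs CFSoIP.

Added example, not part of the Cisco advisory or the AusCERT bulletin.
"""

# Constructed samples: the advisory's default output, a variant with CFSoIP
# turned on, and one where Cisco Fabric Services is disabled altogether.
CFS_DEFAULT = """\
Distribution : Enabled
Distribution over IP : Disabled
IPv4 multicast address : 239.255.70.83
IPv6 multicast address : ff15::efff:4653
Distribution over Ethernet : Disabled
"""
CFS_OVER_IP = CFS_DEFAULT.replace("Distribution over IP : Disabled",
                                  "Distribution over IP : Enabled")
CFS_OFF = CFS_OVER_IP.replace("Distribution : Enabled", "Distribution : Disabled", 1)


def parse_cfs_status(output):
    """Map each 'field : value' line of show cfs status to its value."""
    status = {}
    for line in output.splitlines():
        if " : " in line:
            key, value = line.split(" : ", 1)
            status[key.strip()] = value.strip()
    return status


def active_distribution_types(output):
    """Distribution types in use, following the advisory's reading of the output:
    CFSoFC is the default whenever distribution is enabled; CFSoIP and CFSoE
    only when their own fields say Enabled. Assumption: if the Distribution
    field itself is Disabled, nothing is distributed regardless of the rest."""
    s = parse_cfs_status(output)
    if s.get("Distribution") != "Enabled":
        return []
    types = ["CFSoFC"]
    if s.get("Distribution over IP") == "Enabled":
        types.append("CFSoIP")
    if s.get("Distribution over Ethernet") == "Enabled":
        types.append("CFSoE")
    return types


def exposed_to_cfsoip_advisory(output):
    """True only when CFSoIP is enabled; CFSoFC and CFSoE alone are not affected."""
    return "CFSoIP" in active_distribution_types(output)


if __name__ == "__main__":
    for name, sample in (("default", CFS_DEFAULT), ("cfsoip", CFS_OVER_IP), ("off", CFS_OFF)):
        print(f"{name:8} types={active_distribution_types(sample)} "
              f"exposed={exposed_to_cfsoip_advisory(sample)}")
```

A device that reports CFSoIP enabled still needs the release check against the Fixed Releases tables; this check only separates devices on which the affected feature is active from those on which it is not.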
    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate release as indicated in
    the applicable table in this section. To help ensure a complete upgrade
    solution, customers should consider that this advisory is part of a
    bundled publication. The following page provides a complete list of
    bundle advisories: Cisco Event Response: August 2019 Cisco FXOS and NX-OS
    Software Security Advisory Bundled Publication.

    In the following table(s), the left column lists releases of Cisco FXOS
    Software or Cisco NX-OS Software. The center column indicates whether a
    release is affected by the vulnerability described in this advisory and
    the first release that includes the fix for this vulnerability. The right
    column indicates whether a release is affected by all the vulnerabilities
    described in this bundle and which release includes fixes for those
    vulnerabilities.
    MDS 9000 Series Multilayer Switches: CSCva64492

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | 5.2                      | 6.2(25)                   | 6.2(29)                         |
    | 6.2                      | 6.2(25)                   | 6.2(29)                         |
    | 7.3                      | 8.1(1)                    | 8.4(1)                          |
    | 8.1                      | Not vulnerable            | 8.4(1)                          |
    | 8.2                      | Not vulnerable            | 8.4(1)                          |
    | 8.3                      | Not vulnerable            | 8.4(1)                          |
    | 8.4                      | Not vulnerable            | Not vulnerable                  |
    +--------------------------+---------------------------+---------------------------------+

    Nexus 3000 Series Switches and Nexus 9000 Series Switches in Standalone
    NX-OS Mode: CSCvj59058

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | Earlier than 7.0(3)I4    | 7.0(3)I4(9)               | 7.0(3)I4(9)                     |
    | 7.0(3)I4                 | 7.0(3)I4(9)               | 7.0(3)I4(9)                     |
    | 7.0(3)I7                 | 7.0(3)I7(4)               | 7.0(3)I7(6)                     |
    | 9.2                      | Not vulnerable            | 9.2(3)                          |
    | 9.3                      | Not vulnerable            | Not vulnerable                  |
    +--------------------------+---------------------------+---------------------------------+

    Nexus 3500 Platform Switches: CSCvk70631

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | Earlier than 6.0(2)A8    | 6.0(2)A8(10)              | 6.0(2)A8(11)                    |
    | 6.0(2)A8                 | 6.0(2)A8(10)              | 6.0(2)A8(11)                    |
    | 7.0(3)I7                 | 7.0(3)I7(4)               | 7.0(3)I7(6)                     |
    | 9.2                      | Not vulnerable            | 9.2(3)                          |
    | 9.3                      | Not vulnerable            | Not vulnerable                  |
    +--------------------------+---------------------------+---------------------------------+

    Nexus 3600 Platform Switches and Nexus 9500 R-Series Switching Platform:
    CSCvk70625

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | 7.0(3)                   | 7.0(3)F3(3c) ^1           | 9.2(3)                          |
    | 9.2                      | Not vulnerable            | 9.2(3)                          |
    | 9.3                      | Not vulnerable            | Not vulnerable                  |
    +--------------------------+---------------------------+---------------------------------+

    ^1 This vulnerability is not fixed in 7.0(3)F3(4) but is fixed in
       7.0(3)F3(5).

    Nexus 5500, 5600, and 6000 Series Switches: CSCvk70632

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | Earlier than 7.1         | 7.1(5)N1(1b)              | 7.1(5)N1(1b)                    |
    | 7.1                      | 7.1(5)N1(1b)              | 7.1(5)N1(1b)                    |
    | 7.3                      | 7.3(4)N1(1)               | 7.3(5)N1(1)                     |
    +--------------------------+---------------------------+---------------------------------+

    Nexus 7000 and 7700 Series Switches: CSCva64492

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | Earlier than 6.2         | 6.2(22)                   | 6.2(22)                         |
    | 6.2                      | 6.2(22)                   | 6.2(22)                         |
    | 7.2                      | 7.3(3)D1(1)               | 7.3(4)D1(1)                     |
    | 7.3                      | 7.3(3)D1(1)               | 7.3(4)D1(1)                     |
    | 8.0                      | Not vulnerable            | 8.2(3)                          |
    | 8.1                      | Not vulnerable            | 8.2(3)                          |
    | 8.2                      | Not vulnerable            | 8.2(3)                          |
    | 8.3                      | Not vulnerable            | 8.4(1)                          |
    | 8.4                      | Not vulnerable            | Not vulnerable                  |
    +--------------------------+---------------------------+---------------------------------+

    UCS 6200 and 6300 Series Fabric Interconnects: CSCvk70633

    +--------------------------+---------------------------+---------------------------------+
    | Cisco NX-OS              | First Fixed Release for   | First Fixed Release for All     |
    | Software Release         | This Vulnerability        | Vulnerabilities Described in    |
    |                          |                           | the Bundle of Advisories        |
    +--------------------------+---------------------------+---------------------------------+
    | Earlier than 3.2         | 3.2(3l)                   | 3.2(3l)                         |
    | 3.2                      | 3.2(3l)                   | 3.2(3l)                         |
    | 4.0                      | 4.0(2d)                   | 4.0(4e)                         |
    +--------------------------+---------------------------+---------------------------------+

    Additional Resources

    For help determining the best Cisco NX-OS Software release for a Cisco
    Nexus Switch, administrators can refer to the following Recommended
    Releases documents. If a security advisory recommends a later release,
    Cisco recommends following the advisory guidance.

      - Cisco MDS Series Switches
      - Cisco Nexus 1000V for VMware Switch
      - Cisco Nexus 3000 Series and 3500 Series Switches
      - Cisco Nexus 5000 Series Switches
      - Cisco Nexus 5500 Platform Switches
      - Cisco Nexus 6000 Series Switches
      - Cisco Nexus 7000 Series Switches
      - Cisco Nexus 9000 Series Switches
      - Cisco Nexus 9000 Series ACI-Mode Switches

    For help determining the best Cisco NX-OS Software release for Cisco UCS,
    refer to the Recommended Releases documents in the release notes for the
    device.
Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Related to This Advisory

  o Cisco Event Response: August 2019 Cisco FXOS and NX-OS Software Security
    Advisory Bundled Publication

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos

Revision History

  o +---------+------------------------+-----------+--------+-----------------+
    | Version | Description            | Section   | Status | Date            |
    +---------+------------------------+-----------+--------+-----------------+
    |         | Updated the MDS and    | Fixed     |        |                 |
    | 1.1     | UCS fixed release      | Software. | Final  | 2019-October-08 |
    |         | tables.                |           |        |                 |
    +---------+------------------------+-----------+--------+-----------------+
    | 1.0     | Initial public         | -         | Final  | 2019-August-28  |
    |         | release.               |           |        |                 |
    +---------+------------------------+-----------+--------+-----------------+

- --------------------------------------------------------------------------------

Cisco NX-OS Software IPv6 Denial of Service Vulnerability

Priority:        High
Advisory ID:     cisco-sa-20190828-nxos-ipv6-dos
First Published: 2019 August 28 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvn46719
CVE-2019-1964    CWE-20
CVSS Score:      8.6  AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software
    could allow an unauthenticated, remote attacker to cause an unexpected
    restart of the netstack process on an affected device.

    The vulnerability is due to improper validation of IPv6 traffic sent
    through an aff
    ected device. An attacker could exploit this vulnerability by sending a
    malformed IPv6 packet through an affected device. A successful exploit
    could allow the attacker to cause a denial of service (DoS) condition
    while the netstack process restarts. A sustained attack could lead to a
    reboot of the device.

    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos

    This advisory is part of the August 2019 Cisco FXOS and NX-OS Software
    Security Advisory Bundled Publication, which includes five Cisco Security
    Advisories that describe five vulnerabilities. For a complete list of the
    advisories and links to them, see Cisco Event Response: August 2019 Cisco
    FXOS and NX-OS Software Security Advisory Bundled Publication.
Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running
    a vulnerable release of Cisco NX-OS Software:

      Nexus 7000 Series Switches
      Nexus 7700 Series Switches

    For information about which Cisco NX-OS Software releases are vulnerable,
    see the Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

      Firepower 2100 Series
      Firepower 4100 Series
      Firepower 9300 Security Appliances
      MDS 9000 Series Multilayer Switches
      Nexus 1000 Virtual Edge for VMware vSphere
      Nexus 1000V Switch for Microsoft Hyper-V
      Nexus 1000V Switch for VMware vSphere
      Nexus 3000 Series Switches
      Nexus 3500 Platform Switches
      Nexus 3600 Platform Switches
      Nexus 5500 Platform Switches
      Nexus 5600 Platform Switches
      Nexus 6000 Series Switches
      Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
      Nexus 9000 Series Switches in standalone NX-OS mode
      Nexus 9500 R-Series Switching Platform
      UCS 6200 Series Fabric Interconnects
      UCS 6300 Series Fabric Interconnects
      UCS 6400 Series Fabric Interconnects

Indicators of Compromise

  o Exploitation of this vulnerability could cause an affected device to
    generate a core file of the /isan/bin/routing-sw/netstack process. To view
    device core files, administrators can use the show core command in the
    NX-OS CLI.

    To determine whether the device has been compromised by exploitation of
    this vulnerability, administrators are advised to contact the Cisco
    Technical Assistance Center (TAC) to review the core files.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory.
    Customers may only install and expect support for software versions and
    feature sets for which they have purchased a license. By installing,
    downloading, accessing, or otherwise using such software upgrades,
    customers agree to follow the terms of the Cisco software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.
    Fixed Releases

    Customers are advised to upgrade to an appropriate release as indicated in
    the applicable table in this section. To help ensure a complete upgrade
    solution, customers should consider that this advisory is part of a
    bundled publication. The following page provides a complete list of bundle
    advisories: Cisco Event Response: August 2019 Cisco FXOS and NX-OS
    Software Security Advisory Bundled Publication.

    In the following table(s), the left column lists releases of Cisco FXOS
    Software or Cisco NX-OS Software. The center column indicates whether a
    release is affected by the vulnerability described in this advisory and
    the first release that includes the fix for this vulnerability. The right
    column indicates whether a release is affected by all the vulnerabilities
    described in this bundle and which release includes fixes for those
    vulnerabilities.

    Nexus 7000 and 7700 Series Switches: CSCvn46719

    +----------------------------------+--------------------------------------------+------------------------------+
    | Cisco NX-OS Software Release     | First Fixed Release for This Vulnerability | First Fixed Release for All  |
    |                                  |                                            | Vulnerabilities Described in |
    |                                  |                                            | the Bundle of Advisories     |
    +----------------------------------+--------------------------------------------+------------------------------+
    | Earlier than 8.1                 | Not vulnerable                             | Not vulnerable               |
    | 8.1                              | 8.2(3)                                     | 8.2(3)                       |
    | 8.2                              | 8.2(3)                                     | 8.2(3)                       |
    | 8.3                              | Maintenance Upgrade                        | 8.4(1)                       |
    |                                  | n7000-s2-dk9.8.3.2.CSCvn46719.bin          |                              |
    | 8.4                              | Not vulnerable                             | Not vulnerable               |
    +----------------------------------+--------------------------------------------+------------------------------+

    Additional Resources

    For help determining the best Cisco NX-OS Software release for a Cisco
    Nexus Switch, administrators can refer to the following Recommended
    Releases documents. If a security advisory recommends a later release,
    Cisco recommends following the advisory guidance.
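The lookup that the table above encodes, as an added example that is not part of Cisco's advisory or tooling: it tokenizes NX-OS release strings so that releases within a train compare correctly, then reports for a running release whether the Nexus 7000/7700 table for CSCvn46719 marks it not vulnerable, fixed, in need of upgrade, or covered only by the SMU. The table rows are copied from the advisory; the release strings fed to assess() are constructed.

```python
"""Exposure lookup against a Cisco NX-OS 'Fixed Releases' table (added example)."""
import re

_TOKEN = re.compile(r"\d+|[A-Za-z]+")
NOT_VULNERABLE = None


def parse_release(release):
    """Tokenize an NX-OS release string so that releases compare as tuples.
    '7.0(3)I7(6)' -> ((0,7),(0,0),(0,3),(1,'I'),(0,7),(0,6)); the leading 0/1
    keeps numeric and alphabetic tokens from ever being compared with each other."""
    return tuple((0, int(t)) if t.isdigit() else (1, t.upper())
                 for t in _TOKEN.findall(release))


def in_train(release, train):
    """True when `release` belongs to `train`: '8.2(3)' is in '8.2', and
    '7.0(3)I7(6)' is in both '7.0(3)I7' and '7.0(3)I'."""
    r, t = parse_release(release), parse_release(train)
    return r[:len(t)] == t


# Rows of "Nexus 7000 and 7700 Series Switches: CSCvn46719" from the advisory
# (release train -> first fixed release for this vulnerability).
# None stands for a "Not vulnerable" cell.
NEXUS_7K_IPV6_DOS = {
    "earlier_than": "8.1",            # "Earlier than 8.1": Not vulnerable
    "rows": [
        ("8.1", "8.2(3)"),
        ("8.2", "8.2(3)"),
        ("8.3", "SMU n7000-s2-dk9.8.3.2.CSCvn46719.bin"),  # maintenance upgrade, not a release
        ("8.4", NOT_VULNERABLE),
    ],
}


def assess(release, table):
    """Return (status, remediation) for `release` against one fixed-release table.
    status is one of 'not vulnerable', 'fixed', 'vulnerable',
    'vulnerable unless SMU installed' or 'unknown' (release not in the table)."""
    rel = parse_release(release)
    if "earlier_than" in table and rel < parse_release(table["earlier_than"]):
        return "not vulnerable", None
    for train, fix in table["rows"]:
        if not in_train(release, train):
            continue
        if fix is NOT_VULNERABLE:
            return "not vulnerable", None
        if fix.startswith("SMU "):
            # An SMU does not change the release string, so the table alone cannot
            # tell whether it is installed; report it for the operator to verify.
            return "vulnerable unless SMU installed", fix
        if in_train(fix, train) and rel >= parse_release(fix):
            return "fixed", fix
        return "vulnerable", fix   # fix is later in this train or in a later train
    return "unknown", None


if __name__ == "__main__":
    # Constructed release strings, one per row of the table.
    for r in ("8.0(1)", "8.1(2)", "8.2(2)", "8.2(3)", "8.3(2)", "8.4(1)", "9.2(1)"):
        print(r, "->", assess(r, NEXUS_7K_IPV6_DOS))
```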
      Cisco MDS Series Switches
      Cisco Nexus 1000V for VMware Switch
      Cisco Nexus 3000 Series and 3500 Series Switches
      Cisco Nexus 5000 Series Switches
      Cisco Nexus 5500 Platform Switches
      Cisco Nexus 6000 Series Switches
      Cisco Nexus 7000 Series Switches
      Cisco Nexus 9000 Series Switches
      Cisco Nexus 9000 Series ACI-Mode Switches

    For help determining the best Cisco NX-OS Software release for Cisco UCS,
    refer to the Recommended Releases documents in the release notes for the
    device.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Related to This Advisory

  o ERP-72243

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version | Description              | Section | Status | Date            |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-August-28  |
    +---------+--------------------------+---------+--------+-----------------+

- --------------------------------------------------------------------------------

Cisco NX-OS Software NX-API Denial of Service Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-20190828-nxos-api-dos
First Published: 2019 August 28 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvn26502 CSCvn31273 CSCvn57900
CVE-2019-1968
CVSS Score:      5.3  AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:X/RC:X

Summary

  o A vulnerability in the NX-API feature of Cisco NX-OS Software could allow
    an unauthenticated, remote attacker to cause an NX-API system process to
    unexpectedly restart.

    The vulnerability is due to incorrect validation of the HTTP header of a
    request that is sent to the NX-API.
    An attacker could exploit this vulnerability by sending a crafted HTTP
    request to the NX-API on an affected device. A successful exploit could
    allow the attacker to cause a denial of service (DoS) condition in the
    NX-API service; however, the NX-OS device itself would still be available
    and passing network traffic.

    Note: The NX-API feature is disabled by default.

    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected the following
    Cisco products if they were running a vulnerable release of Cisco NX-OS
    Software and had the NX-API feature enabled:

      MDS 9000 Series Multilayer Switches
      Nexus 3000 Series Switches
      Nexus 3500 Platform Switches
      Nexus 3600 Platform Switches
      Nexus 5500 Platform Switches
      Nexus 5600 Platform Switches
      Nexus 6000 Series Switches
      Nexus 7000 Series Switches
      Nexus 7700 Series Switches
      Nexus 9000 Series Switches in standalone NX-OS mode
      Nexus 9500 R-Series Switching Platform

    For information about which Cisco NX-OS Software releases were vulnerable
    at the time of publication, see the Fixed Software section of this
    advisory. See the Details section in the bug ID(s) at the top of this
    advisory for the most complete and current information.

    This vulnerability affects only Cisco NX-OS devices that have the NX-API
    feature enabled. The NX-API feature is disabled by default.

    To determine whether an affected device is configured with the NX-API
    feature enabled, administrators can use the show feature | include nxapi
    command from the Cisco NX-OS CLI and verify that the feature is enabled.
    The following example shows the NX-API feature enabled on a device that is
    running Cisco NX-OS Software:

      nxos-switch# show feature | include nxapi
      nxapi                 1          enabled

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

      Firepower 2100 Series
      Firepower 4100 Series
      Firepower 9300 Security Appliances
      Nexus 1000 Virtual Edge for VMware vSphere
      Nexus 1000V Switch for Microsoft Hyper-V
      Nexus 1000V Switch for VMware vSphere
      Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
      UCS 6200 Series Fabric Interconnects
      UCS 6300 Series Fabric Interconnects
      UCS 6400 Series Fabric Interconnects

Details

  o To exploit this vulnerability, a remote attacker must send a crafted HTTP
    or HTTPS packet to the external NX-API.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, the release information in the following
    table(s) was accurate. See the Details section in the bug ID(s) at the top
    of this advisory for the most complete and current information.
    The left column lists Cisco software releases, and the right column
    indicates whether a release was affected by the vulnerability described in
    this advisory and which release included the fix for this vulnerability.

    MDS 9000 Series Multilayer Switches: CSCvn26502

    +----------------------------------+--------------------------------------------+
    | Cisco NX-OS Software Release     | First Fixed Release for This Vulnerability |
    +----------------------------------+--------------------------------------------+
    | 5.2                              | Not vulnerable                             |
    | 6.2                              | Not vulnerable                             |
    | 7.3                              | 8.3(2)                                     |
    | 8.1                              | 8.3(2)                                     |
    | 8.2                              | 8.3(2)                                     |
    | 8.3                              | 8.3(2)                                     |
    | 8.4                              | Not vulnerable                             |
    +----------------------------------+--------------------------------------------+

    Nexus 3000 Series Switches and Nexus 9000 Series Switches in Standalone
    NX-OS Mode: CSCvn31273

    +----------------------------------+--------------------------------------------+
    | Cisco NX-OS Software Release     | First Fixed Release for This Vulnerability |
    +----------------------------------+--------------------------------------------+
    | Earlier than 6.0(2)U4            | Not vulnerable                             |
    | 6.0(2)U4, 6.0(2)U5, and 6.0(2)U6 | 7.0(3)I4(9)                                |
    | 6.1(2)I1                         | Not vulnerable                             |
    | 6.1(2)I2 and 6.1(2)I3            | 7.0(3)I4(9)                                |
    | 7.0(3)I4                         | 7.0(3)I4(9)                                |
    | 7.0(3)I7                         | 7.0(3)I7(6)                                |
    | 9.2                              | 9.2(3)                                     |
    | 9.3                              | Not vulnerable                             |
    +----------------------------------+--------------------------------------------+

    Nexus 3500 Platform Switches: CSCvn31273

    +----------------------------------+--------------------------------------------+
    | Cisco NX-OS Software Release     | First Fixed Release for This Vulnerability |
    +----------------------------------+--------------------------------------------+
    | Earlier than 6.0(2)A             | Not vulnerable                             |
    | 6.0(2)A8                         | 6.0(2)A8(11a)                              |
    | 7.0(3)I7                         | 7.0(3)I7(6)                                |
    | 9.2                              | 9.2(3)                                     |
    | 9.3                              | Not vulnerable                             |
    +----------------------------------+--------------------------------------------+

    Nexus 3600 Platform Switches and Nexus 9500 R-Series Switching Platform:
    CSCvn31273

    +----------------------------------+--------------------------------------------+
    | Cisco NX-OS Software Release     | First Fixed Release for This Vulnerability |
    +----------------------------------+--------------------------------------------+
    | 7.0(3)F                          | 9.2(3)                                     |
    | 9.2                              | 9.2(3)                                     |
    | 9.3                              | Not vulnerable                             |
    +----------------------------------+--------------------------------------------+

    Nexus 5500 and 5600 Platform Switches and Nexus 6000 Series Switches:
    CSCvn57900

    +----------------------------------+--------------------------------------------+
    | Cisco NX-OS Software Release     | First Fixed Release for This Vulnerability |
    +----------------------------------+--------------------------------------------+
    | Earlier than 7.1                 | Not vulnerable                             |
    | 7.1                              | 7.3(5)N1(1)                                |
    | 7.2                              | 7.3(5)N1(1)                                |
    | 7.3                              | 7.3(5)N1(1)                                |
    +----------------------------------+--------------------------------------------+

    Nexus 7000 and 7700 Series Switches: CSCvn26502

    +----------------------------------+--------------------------------------------+
    | Cisco NX-OS Software Release     | First Fixed Release for This Vulnerability |
    +----------------------------------+--------------------------------------------+
    | Earlier than 6.2                 | Not vulnerable                             |
    | 6.2                              | Not vulnerable                             |
    | 7.2                              | 7.3(4)D1(1)                                |
    | 7.3                              | 7.3(4)D1(1)                                |
    | 8.0                              | 8.2(3)                                     |
    | 8.1                              | 8.2(3)                                     |
    | 8.2                              | 8.2(3)                                     |
    | 8.3                              | 8.3(2)                                     |
    | 8.4                              | Not vulnerable                             |
    +----------------------------------+--------------------------------------------+

    Additional Resources

    For help determining the best Cisco NX-OS Software release for a Cisco
    Nexus Switch, administrators can refer to the following Recommended
    Releases documents.
    If a security advisory recommends a later release, Cisco recommends
    following the advisory guidance.

      Cisco MDS Series Switches
      Cisco Nexus 1000V for VMware Switch
      Cisco Nexus 3000 Series and 3500 Series Switches
      Cisco Nexus 5000 Series Switches
      Cisco Nexus 5500 Platform Switches
      Cisco Nexus 6000 Series Switches
      Cisco Nexus 7000 Series Switches
      Cisco Nexus 9000 Series Switches
      Cisco Nexus 9000 Series ACI-Mode Switches

    For help determining the best Cisco NX-OS Software release for Cisco UCS,
    refer to the Recommended Releases documents in the release notes for the
    device.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version | Description              | Section | Status | Date            |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-August-28  |
    +---------+--------------------------+---------+--------+-----------------+

- --------------------------------------------------------------------------------

Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-20190828-nxos-ntp-dos
First Published: 2019 August 28 16:00 GMT
Last Updated:    2019 October 8 14:45 GMT
Version 1.1:     Final
Workarounds:     Yes
Cisco Bug IDs:   CSCvm35740 CSCvm51138 CSCvm51139 CSCvm51142
CVE-2019-1967    CWE-399
CVSS Score:      8.6  AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS
    Software could allow an unauthenticated, remote attacker to cause a denial
    of service (DoS) condition on an affected device.

    The vulnerability is due to excessive use of system resources when the
    affected device is logging a drop action for received MODE_PRIVATE (Mode
    7) NTP packets. An attacker could exploit this vulnerability by flooding
    the device with a steady stream of Mode 7 NTP packets. A successful
    exploit could allow the attacker to cause high CPU and memory usage on the
    affected device, which could cause internal system processes to restart or
    cause the affected device to unexpectedly reload.

    Note: The NTP feature is enabled by default.

    Cisco has released software updates that address this vulnerability.
    There are workarounds that address this vulnerability.
    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ntp-dos

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected the following
    Cisco products if they were running a vulnerable release of Cisco NX-OS
    Software and had the NTP feature enabled:

      MDS 9000 Series Multilayer Switches
      Nexus 3000 Series Switches
      Nexus 3500 Platform Switches
      Nexus 3600 Platform Switches
      Nexus 5500 Platform Switches
      Nexus 5600 Platform Switches
      Nexus 6000 Series Switches
      Nexus 7000 Series Switches
      Nexus 7700 Series Switches
      Nexus 9000 Series Switches in standalone NX-OS mode
      Nexus 9500 R-Series Switching Platform

    For information about which Cisco NX-OS Software releases were vulnerable
    at the time of publication, see the Fixed Software section of this
    advisory. See the Details section in the bug ID(s) at the top of this
    advisory for the most complete and current information.

    The NTP feature is enabled by default. Administrators can use the
    show running-config | include "feature ntp" command from the Cisco NX-OS
    CLI to verify whether the NTP feature has been manually disabled. If the
    command returns empty output, the NTP feature is enabled and the device is
    vulnerable. If the command returns the following output, the NTP feature
    is disabled and the device is not vulnerable:

      nxos-switch# show running-config | include "feature ntp"
      no feature ntp

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.
    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

      Firepower 2100 Series
      Firepower 4100 Series
      Firepower 9300 Security Appliances
      Nexus 1000 Virtual Edge for VMware vSphere
      Nexus 1000V Switch for Microsoft Hyper-V
      Nexus 1000V Switch for VMware vSphere
      Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
      UCS 6200 Series Fabric Interconnects
      UCS 6300 Series Fabric Interconnects
      UCS 6400 Series Fabric Interconnects

Indicators of Compromise

  o Exploitation of this vulnerability could cause the affected device to
    generate a constant stream of log messages similar to the following:

      USER-3-SYSTEM_MSG: NTP Receive dropping message: Received NTP private mode packet. Drop count: x - ntpd

    Customers are advised to contact their support organization to review the
    log messages and determine whether the vulnerability has been exploited on
    the device.

Workarounds

  o Administrators can use the following configuration command on affected
    devices to reduce the logging level for daemons from the default value of
    3 to 2:

      logging level daemon 2

    This would eliminate device exposure to this issue but would cause the
    affected device to stop logging other syslog messages that might be useful
    to monitor device operations.

    Customers who are not using the NTP feature can disable it with the
    no feature ntp configuration command.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
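Detection over syslog for the indicator quoted above, as an added example that is not part of Cisco's advisory or tooling: it extracts the Drop count from the NTP private-mode drop message and alerts on hosts whose counter grows faster than a threshold, rather than on any single message, since one stray Mode 7 packet is dropped and logged normally. The log lines, host names, the timestamp/hostname prefix layout and the threshold are constructed assumptions.

```python
"""Rate-based detection for the NX-OS NTP Mode 7 drop message (added example)."""
import re
from datetime import datetime

# The message body is the one quoted in the advisory; the "YYYY Mon DD HH:MM:SS host"
# prefix is an assumed syslog layout, adjust it to what your collector stores.
NTP_DROP = re.compile(
    r"^(?P<ts>\d{4} [A-Za-z]{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"%?USER-3-SYSTEM_MSG: NTP Receive dropping message: "
    r"Received NTP private mode packet\. Drop count: (?P<count>\d+) - ntpd$"
)


def parse_ntp_drops(lines):
    """Yield (timestamp, host, drop_count) for each matching line; other lines are ignored."""
    for line in lines:
        m = NTP_DROP.match(line.strip())
        if m:
            ts = datetime.strptime(re.sub(r"\s+", " ", m["ts"]), "%Y %b %d %H:%M:%S")
            yield ts, m["host"], int(m["count"])


def drop_rates(lines):
    """Drops per second per host, from the first and last counter value seen.
    A counter that goes backwards means ntpd restarted, so the baseline restarts there."""
    first, last = {}, {}
    for ts, host, count in parse_ntp_drops(lines):
        if host not in first or count < last[host][1]:
            first[host] = (ts, count)
        last[host] = (ts, count)
    rates = {}
    for host, (t0, c0) in first.items():
        t1, c1 = last[host]
        seconds = (t1 - t0).total_seconds()
        rates[host] = (c1 - c0) / seconds if seconds > 0 else 0.0
    return rates


def flooded_hosts(lines, min_rate=10.0):
    """Hosts whose Mode 7 drop counter grows at least `min_rate` per second.
    The default threshold is a constructed assumption; tune it to the platform's baseline."""
    return sorted(h for h, r in drop_rates(lines).items() if r >= min_rate)


# Constructed sample: core-sw1 is being flooded (3000 drops in 60 s), edge-sw2 sees
# two stray packets in five minutes, and one unrelated line must be ignored.
SAMPLE_LOG = """\
2019 Aug 28 10:00:00 core-sw1 %USER-3-SYSTEM_MSG: NTP Receive dropping message: Received NTP private mode packet. Drop count: 1 - ntpd
2019 Aug 28 10:00:10 edge-sw2 %USER-3-SYSTEM_MSG: NTP Receive dropping message: Received NTP private mode packet. Drop count: 7 - ntpd
2019 Aug 28 10:00:15 core-sw1 %AUTHPRIV-6-SYSTEM_MSG: pam_unix(dcos_sshd:session): session opened for user admin - dcos_sshd
2019 Aug 28 10:00:30 core-sw1 %USER-3-SYSTEM_MSG: NTP Receive dropping message: Received NTP private mode packet. Drop count: 1500 - ntpd
2019 Aug 28 10:01:00 core-sw1 %USER-3-SYSTEM_MSG: NTP Receive dropping message: Received NTP private mode packet. Drop count: 3001 - ntpd
2019 Aug 28 10:05:10 edge-sw2 %USER-3-SYSTEM_MSG: NTP Receive dropping message: Received NTP private mode packet. Drop count: 9 - ntpd
""".splitlines()

if __name__ == "__main__":
    for host, rate in drop_rates(SAMPLE_LOG).items():
        print(f"{host}: {rate:.2f} Mode 7 drops/s")
    print("flooded:", flooded_hosts(SAMPLE_LOG))
```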
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, the release information in the following
    table(s) was accurate. See the Details section in the bug ID(s) at the top
    of this advisory for the most complete and current information.

    The left column lists Cisco software releases, and the right column
    indicates whether a release was affected by the vulnerability described in
    this advisory and which release included the fix for this vulnerability.

    MDS 9000 Series Multilayer Switches: CSCvm51139

    +----------------------------------+--------------------------------------------+
    | Cisco NX-OS Software Release     | First Fixed Release for This Vulnerability |
    +----------------------------------+--------------------------------------------+
    | 5.2                              | Not vulnerable                             |
    | 6.2                              | 6.2(29)                                    |
    | 7.3                              | 8.3(2)                                     |
    | 8.1                              | 8.3(2)                                     |
    | 8.2                              | 8.3(2)                                     |
    | 8.3                              | 8.3(2)                                     |
    | 8.4                              | Not vulnerable                             |
    +----------------------------------+--------------------------------------------+

    Nexus 3000 Series Switches and Nexus 9000 Series Switches in Standalone
    NX-OS Mode: CSCvm51138

    +----------------------------------+--------------------------------------------+
    | Cisco NX-OS Software Release     | First Fixed Release for This Vulnerability |
    +----------------------------------+--------------------------------------------+
    | Earlier than 6.0(2)U6            | Not vulnerable                             |
    | 6.0(2)U6                         | 7.0(3)I7(6)                                |
    | 7.0(3)I                          | 7.0(3)I7(6)                                |
    | 9.2                              | 9.2(2)                                     |
    | 9.3                              | Not vulnerable                             |
    +----------------------------------+--------------------------------------------+

    Nexus 3500 Platform Switches: CSCvm51142

    +----------------------------------+--------------------------------------------+
    | Cisco NX-OS Software Release     | First Fixed Release for This Vulnerability |
    +----------------------------------+--------------------------------------------+
    | Earlier than 6.0(2)A6            | Not vulnerable                             |
    | 6.0(2)A8                         | 6.0(2)A8(11)                               |
    | 7.0(3)I7                         | 7.0(3)I7(6)                                |
    | 9.2                              | 9.2(2)                                     |
    | 9.3                              | Not vulnerable                             |
    +----------------------------------+--------------------------------------------+

    Nexus 3600 Platform Switches and Nexus 9500 R-Series Switching Platform:
    CSCvm51138

    +----------------------------------+--------------------------------------------+
    | Cisco NX-OS Software Release     | First Fixed Release for This Vulnerability |
    +----------------------------------+--------------------------------------------+
    | 7.0(3)F                          | 9.2(2)                                     |
    | 9.2                              | 9.2(2)                                     |
    | 9.3                              | Not vulnerable                             |
    +----------------------------------+--------------------------------------------+

    Nexus 5500, 5600, and 6000 Series Switches: CSCvm35740

    +----------------------------------+--------------------------------------------+
    | Cisco NX-OS Software Release     | First Fixed Release for This Vulnerability |
    +----------------------------------+--------------------------------------------+
    | Earlier than 7.1(4)              | Not vulnerable                             |
    | 7.1(4)                           | 7.3(5)N1(1)                                |
    | 7.1(5)                           | 7.3(5)N1(1)                                |
    | 7.2                              | 7.3(5)N1(1)                                |
    | 7.3                              | 7.3(5)N1(1)                                |
    +----------------------------------+--------------------------------------------+

    Nexus 7000 and 7700 Series Switches: CSCvm51139

    +----------------------------------+--------------------------------------------+
    | Cisco NX-OS Software Release     | First Fixed Release for This Vulnerability |
    +----------------------------------+--------------------------------------------+
    | Earlier than 6.2                 | Not vulnerable                             |
    | 6.2                              | 7.3(3)D1(1)                                |
    | 7.2                              | 7.3(3)D1(1)                                |
    | 7.3                              | 7.3(3)D1(1)                                |
    | 8.0                              | 8.2(3)                                     |
    | 8.1                              | 8.2(3)                                     |
    | 8.2                              | 8.2(3)                                     |
    | 8.3                              | 8.3(2)                                     |
    | 8.4                              | Not vulnerable                             |
    +----------------------------------+--------------------------------------------+

    Additional Resources

    For help determining the best Cisco NX-OS Software release for a Cisco
    Nexus Switch, administrators can refer to the following Recommended
    Releases documents. If a security advisory recommends a later release,
    Cisco recommends following the advisory guidance.

      Cisco MDS Series Switches
      Cisco Nexus 1000V for VMware Switch
      Cisco Nexus 3000 Series and 3500 Series Switches
      Cisco Nexus 5000 Series Switches
      Cisco Nexus 5500 Platform Switches
      Cisco Nexus 6000 Series Switches
      Cisco Nexus 7000 Series Switches
      Cisco Nexus 9000 Series Switches
      Cisco Nexus 9000 Series ACI-Mode Switches

    For help determining the best Cisco NX-OS Software release for Cisco UCS,
    refer to the Recommended Releases documents in the release notes for the
    device.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during the resolution of a Cisco TAC support
    case.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

Action Links for This Advisory

  o Snort Rule 29393

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ntp-dos

Revision History

  o +---------+------------------------+-----------+--------+-----------------+
    | Version | Description            | Section   | Status | Date            |
    +---------+------------------------+-----------+--------+-----------------+
    | 1.1     | Updated the MDS fixed  | Fixed     | Final  | 2019-October-08 |
    |         | release table.         | Software  |        |                 |
    +---------+------------------------+-----------+--------+-----------------+
    | 1.0     | Initial public         | -         | Final  | 2019-August-28  |
    |         | release.               |           |        |                 |
    +---------+------------------------+-----------+--------+-----------------+

- --------------------------------------------------------------------------------

Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability

Priority:        High
Advisory ID:     cisco-sa-20190828-nxos-memleak-dos
First Published: 2019 August 28 16:00 GMT
Last Updated:    2019 October 8 14:45 GMT
Version 1.1:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvi15409 CSCvn50393 CSCvn50443 CSCvn50446 CSCvn52167
CVE-2019-1965    CWE-400
CVSS Score:      7.7  AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the Virtual Shell (VSH) session management for Cisco
    NX-OS Software could allow an authenticated, remote attacker to cause a
    VSH process to fail to delete upon termination. This can lead to a
    build-up of VSH processes that over time can deplete system memory. When
    there is no system memory available, this can cause unexpected system
    behaviors and crashes.

    The vulnerability is due to the VSH process not being properly deleted
    when a remote management connection to the device is disconnected. An
    attacker could exploit this vulnerability by repeatedly performing a
    remote management connection to the device and terminating the connection
    in an unexpected manner. A successful exploit could allow the attacker to
    cause the VSH processes to fail to delete, which can lead to a system-wide
    denial of service (DoS) condition. The attacker must have valid user
    credentials to log in to the device using the remote management
    connection.

    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.
    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos

    This advisory is part of the August 2019 Cisco FXOS and NX-OS Software
    Security Advisory Bundled Publication, which includes five Cisco Security
    Advisories that describe five vulnerabilities. For a complete list of the
    advisories and links to them, see Cisco Event Response: August 2019 Cisco
    FXOS and NX-OS Software Security Advisory Bundled Publication.

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco products if they are running
    a vulnerable release of Cisco NX-OS Software:

      MDS 9000 Series Multilayer Switches
      Nexus 3000 Series Switches
      Nexus 3500 Platform Switches
      Nexus 3600 Platform Switches
      Nexus 5500 Platform Switches
      Nexus 5600 Platform Switches
      Nexus 6000 Series Switches
      Nexus 7000 Series Switches
      Nexus 7700 Series Switches
      Nexus 9000 Series Switches in standalone NX-OS mode
      Nexus 9500 R-Series Switching Platform
      UCS 6200 Series Fabric Interconnects
      UCS 6300 Series Fabric Interconnects

    For information about which Cisco NX-OS Software releases are vulnerable,
    see the Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

      Firepower 2100 Series
      Firepower 4100 Series
      Firepower 9300 Security Appliances
      Nexus 1000 Virtual Edge for VMware vSphere
      Nexus 1000V Switch for Microsoft Hyper-V
      Nexus 1000V Switch for VMware vSphere
      Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
      UCS 6400 Series Fabric Interconnects

Details

  o The most common example of a remote management protocol is SSH, but any
    management protocol to the management interface, including S/FTP, S/COPY
    and others, could trigger this vulnerability.
Indicators of Compromise

  o Exploitation of this vulnerability can result in several different
    indicators of compromise on an affected device.

    1. Exploitation of this vulnerability can result in a system memory leak
       due to the build-up of zombie VSH processes that were not terminated
       correctly. Administrators can view the process list using the
       show processes NX-OS CLI command, as in the following example:

         # show processes
         PID    State  PC        Start_cnt    TTY  Process
         -----  -----  --------  -----------  ---  -------------
         1574   S      f537a3c   1            -    vsh
         2063   S      f537a3c   1            -    vsh
         .
         .
         .
         4308   S      f537a3c   1            -    vsh
         4690   S      f537a3c   1            -    vsh
         4733   S      f537a3c   1            -    vsh
         5081   S      f537a3c   1            -    vsh
         5949   S      f537a3c   1            -    vsh
         6118   S      f537a3c   1            -    vsh
         6723   S      f537a3c   1            -    vsh
         7315   S      f537a3c   1            -    vsh
         9841   S      f537a3c   1            -    vsh
         12866  S      f537a3c   1            -    vsh
         13465  S      f537a3c   1            -    vsh
         14836  S      f537a3c   1            -    vsh
         15568  S      f537a3c   1            -    vsh
         18289  S      f537a3c   1            -    vsh
         18580  S      f537a3c   1            -    vsh
         18601  S      f537a3c   1            -    vsh
         19254  S      f537a3c   1            -    vsh
         19782  S      f537a3c   1            -    vsh
         20367  S      f537a3c   1            -    vsh
         20517  S      f537a3c   1            -    vsh
         20931  S      f537a3c   1            -    vsh
         21753  S      f537a3c   1            -    vsh
         22728  S      f537a3c   1            -    vsh
         23544  S      f537a3c   1            -    vsh
         23947  S      f537a3c   1            -    vsh
         24825  S      f537a3c   1            -    vsh
         25139  S      f537a3c   1            -    vsh
         25862  S      f537a3c   1            -    vsh
         26172  S      f537a3c   1            -    vsh
         26334  S      f537a3c   1            -    vsh
         26691  S      f537a3c   1            -    vsh
         27303  S      f537a3c   1            -    vsh
         28750  S      f537a3c   1            -    vsh

    2. Exploitation of this vulnerability can result in the following error
       message when a user has a remote connection on the device:

         Error: Too many open files in system

    3. Exploitation of this vulnerability could cause an affected device to
       reload and generate a core file. Because the core file is the end
       result of the system memory leak, the actual process to crash can be
       different each time. To view the device core files, administrators can
       use the show core command in the NX-OS CLI.
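A check over show processes output in the layout shown above, as an added example that is not part of Cisco's advisory or tooling: it parses the process table, isolates the vsh entries, and compares two snapshots taken some time apart, so that a vsh population that persists and keeps growing between samples stands out from the normal churn of interactive sessions. Both snapshots and the threshold are constructed.

```python
"""vsh build-up check over 'show processes' snapshots (added example)."""
import re

# One data row of 'show processes': PID, State, PC, Start_cnt, TTY, Process.
# The header line and the '.' filler lines do not match and are skipped.
_ROW = re.compile(
    r"^\s*(?P<pid>\d+)\s+(?P<state>\S+)\s+(?P<pc>[0-9a-fA-F]+)\s+"
    r"(?P<start>\d+)\s+(?P<tty>\S+)\s+(?P<proc>\S+)\s*$"
)


def parse_processes(output):
    """Map PID -> process name for every data row in the command output."""
    procs = {}
    for line in output.splitlines():
        m = _ROW.match(line)
        if m:
            procs[int(m["pid"])] = m["proc"]
    return procs


def vsh_pids(output):
    """PIDs of vsh processes in one snapshot."""
    return {pid for pid, name in parse_processes(output).items() if name == "vsh"}


def vsh_growth(earlier, later, max_expected=5):
    """Compare two snapshots of 'show processes' taken some time apart.
    Returns (lingering, new, alarm): vsh PIDs present in both snapshots, vsh PIDs
    that appeared in the later one, and whether the lingering count exceeds what
    concurrent management sessions would explain (max_expected is a constructed
    assumption; set it from the number of operators who are normally logged in)."""
    a, b = vsh_pids(earlier), vsh_pids(later)
    lingering = a & b
    new = b - a
    return lingering, new, len(lingering) > max_expected


# Constructed snapshots in the advisory's column layout: three vsh processes that
# never go away plus four more that have appeared since the first sample.
SNAPSHOT_1 = """\
PID    State  PC        Start_cnt    TTY  Process
-----  -----  --------  -----------  ---  -------------
1      S      b7f0e3c   1            -    init
1574   S      f537a3c   1            -    vsh
2063   S      f537a3c   1            -    vsh
4308   S      f537a3c   1            -    vsh
4400   S      c12b7a0   1            -    sshd
"""

SNAPSHOT_2 = """\
PID    State  PC        Start_cnt    TTY  Process
-----  -----  --------  -----------  ---  -------------
1      S      b7f0e3c   1            -    init
1574   S      f537a3c   1            -    vsh
2063   S      f537a3c   1            -    vsh
4308   S      f537a3c   1            -    vsh
4690   S      f537a3c   1            -    vsh
4733   S      f537a3c   1            -    vsh
5081   S      f537a3c   1            -    vsh
5949   S      f537a3c   1            -    vsh
6200   S      c12b7a0   1            -    sshd
"""

if __name__ == "__main__":
    lingering, new, alarm = vsh_growth(SNAPSHOT_1, SNAPSHOT_2, max_expected=2)
    print(f"lingering vsh PIDs: {sorted(lingering)}, new: {sorted(new)}, alarm: {alarm}")
```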
       Contact the Cisco Technical Assistance Center (TAC) to review the core
       file and determine whether the device has been compromised by
       exploitation of this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

    Mitigation for Cisco NX-OS Software: Configure a VTY Access Class

    On some platforms that are running Cisco NX-OS Software, it is possible to
    limit exposure of an affected device by creating a vty access control list
    (ACL) on the device and configuring the ACL to permit only known, trusted
    devices to connect to the device via Telnet and Secure Shell (SSH). This
    mitigation is not available on some platforms that are running Cisco NX-OS
    and should be used only where applicable. There is no Cisco UCS mitigation
    that addresses this vulnerability.

    The ACL in this example is for IPv4. This vulnerability can also be
    exploited against IPv6 interfaces. If the NX-OS device is configured for
    IPv6, the same ACL should be configured for the IPv6 address range.

    The following example shows an ACL that permits access to vtys from the
    192.168.1.0/24 netblock and the single IP address 172.16.1.2 while denying
    access from all other addresses (the deny is the ACL's implicit final
    rule):

      ip access-list vtyacl
        10 permit tcp 192.168.1.0/24 any
        20 permit tcp 172.16.1.2/32 any
      line vty
        access-class vtyacl in

    For more information about restricting traffic to vtys, see the Cisco
    Nexus 7000 Series NX-OS Security Configuration Guide.

    It is considered a best practice for an NX-OS device to have a vty ACL
    configured. Refer to the Cisco Guide to Securing Cisco NX-OS Software
    Devices for additional information about hardening Cisco NX-OS devices.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license.
    By installing, downloading, accessing, or otherwise using such software
    upgrades, customers agree to follow the terms of the Cisco software
    license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories and Alerts page, to determine exposure and a
    complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate release as indicated in
    the applicable table in this section.
    To help ensure a complete upgrade solution, customers should consider that this advisory is part of a bundled publication. The following page provides a complete list of bundle advisories: Cisco Event Response: August 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

    In the following tables, the left column lists releases of Cisco FXOS Software or Cisco NX-OS Software. The center column indicates whether a release is affected by the vulnerability described in this advisory and the first release that includes the fix for this vulnerability. The right column indicates whether a release is affected by all the vulnerabilities described in this bundle and which release includes fixes for those vulnerabilities.

    MDS 9000 Series Multilayer Switches: CSCvn50393

    +--------------------------+--------------------------+--------------------------------+
    | Cisco NX-OS Software     | First Fixed Release for  | First Fixed Release for All    |
    | Release                  | This Vulnerability       | Vulnerabilities Described in   |
    |                          |                          | the Bundle of Advisories       |
    +--------------------------+--------------------------+--------------------------------+
    | 5.2                      | 6.2(27)                  | 6.2(29)                        |
    | 6.2                      | 6.2(27)                  | 6.2(29)                        |
    | 7.3                      | 8.4(1)                   | 8.4(1)                         |
    | 8.1                      | 8.4(1)                   | 8.4(1)                         |
    | 8.2                      | 8.4(1)                   | 8.4(1)                         |
    | 8.3                      | 8.4(1)                   | 8.4(1)                         |
    | 8.4                      | Not vulnerable           | Not vulnerable                 |
    +--------------------------+--------------------------+--------------------------------+

    Nexus 3000 Series Switches and Nexus 9000 Series Switches in Standalone NX-OS Mode: CSCvi15409

    +--------------------------+--------------------------+--------------------------------+
    | Cisco NX-OS Software     | First Fixed Release for  | First Fixed Release for All    |
    | Release                  | This Vulnerability       | Vulnerabilities Described in   |
    |                          |                          | the Bundle of Advisories       |
    +--------------------------+--------------------------+--------------------------------+
    | Earlier than 7.0(3)I4    | 7.0(3)I4(9)              | 7.0(3)I4(9)                    |
    | 7.0(3)I4                 | 7.0(3)I4(9)              | 7.0(3)I4(9)                    |
    | 7.0(3)I7                 | 7.0(3)I7(4)              | 7.0(3)I7(6)                    |
    | 9.2                      | Not vulnerable           | 9.2(3)                         |
    | 9.3                      | Not vulnerable           | Not vulnerable                 |
    +--------------------------+--------------------------+--------------------------------+

    Nexus 3500 Platform Switches: CSCvi15409

    +--------------------------+--------------------------+--------------------------------+
    | Cisco NX-OS Software     | First Fixed Release for  | First Fixed Release for All    |
    | Release                  | This Vulnerability       | Vulnerabilities Described in   |
    |                          |                          | the Bundle of Advisories       |
    +--------------------------+--------------------------+--------------------------------+
    | 6.0(2)A                  | 6.0(2)A8(11)             | 6.0(2)A8(11)                   |
    | 7.0(3)I7                 | 7.0(3)I7(4)              | 7.0(3)I7(6)                    |
    | 9.2                      | Not vulnerable           | 9.2(3)                         |
    | 9.3                      | Not vulnerable           | Not vulnerable                 |
    +--------------------------+--------------------------+--------------------------------+

    Nexus 3600 Platform Switches and Nexus 9500 R-Series Switching Platform: CSCvi15409

    +--------------------------+--------------------------+--------------------------------+
    | Cisco NX-OS Software     | First Fixed Release for  | First Fixed Release for All    |
    | Release                  | This Vulnerability       | Vulnerabilities Described in   |
    |                          |                          | the Bundle of Advisories       |
    +--------------------------+--------------------------+--------------------------------+
    | 7.0(3)                   | 9.2(1)                   | 9.2(3)                         |
    | 9.2                      | Not vulnerable           | 9.2(3)                         |
    | 9.4                      | Not vulnerable           | Not vulnerable                 |
    +--------------------------+--------------------------+--------------------------------+

    Nexus 5500, 5600, and 6000 Series Switches: CSCvn50446

    +--------------------------+--------------------------+--------------------------------+
    | Cisco NX-OS Software     | First Fixed Release for  | First Fixed Release for All    |
    | Release                  | This Vulnerability       | Vulnerabilities Described in   |
    |                          |                          | the Bundle of Advisories       |
    +--------------------------+--------------------------+--------------------------------+
    | Earlier than 7.1         | 7.1(5)N1(1b)             | 7.1(5)N1(1b)                   |
    | 7.1                      | 7.1(5)N1(1b)             | 7.1(5)N1(1b)                   |
    | 7.3                      | 7.3(5)N1(1)              | 7.3(5)N1(1)                    |
    +--------------------------+--------------------------+--------------------------------+

    Nexus 7000 and 7700 Series Switches: CSCvn50443

    +--------------------------+--------------------------+--------------------------------+
    | Cisco NX-OS Software     | First Fixed Release for  | First Fixed Release for All    |
    | Release                  | This Vulnerability       | Vulnerabilities Described in   |
    |                          |                          | the Bundle of Advisories       |
    +--------------------------+--------------------------+--------------------------------+
    | Earlier than 6.2         | 6.2(22)                  | 6.2(22)                        |
    | 6.2                      | 6.2(22)                  | 6.2(22)                        |
    | 7.2                      | 7.3(4)D1(1)              | 7.3(4)D1(1)                    |
    | 7.3                      | 7.3(4)D1(1)              | 7.3(4)D1(1)                    |
    | 8.0                      | 8.2(3)                   | 8.2(3)                         |
    | 8.1                      | 8.2(3)                   | 8.2(3)                         |
    | 8.2                      | 8.2(3)                   | 8.2(3)                         |
    | 8.3                      | 8.4(1)                   | 8.4(1)                         |
    | 8.4                      | Not vulnerable           | Not vulnerable                 |
    +--------------------------+--------------------------+--------------------------------+

    UCS 6200 and 6300 Series Fabric Interconnects: CSCvn52167

    +--------------------------+--------------------------+--------------------------------+
    | Cisco NX-OS Software     | First Fixed Release for  | First Fixed Release for All    |
    | Release                  | This Vulnerability       | Vulnerabilities Described in   |
    |                          |                          | the Bundle of Advisories       |
    +--------------------------+--------------------------+--------------------------------+
    | Earlier than 3.2         | 3.2(3k)                  | 3.2(3l)                        |
    | 3.2                      | 3.2(3k)                  | 3.2(3l)                        |
    | 4.0                      | 4.0(2e)                  | 4.0(4e)                        |
    +--------------------------+--------------------------+--------------------------------+

    Additional Resources

    For help determining the best Cisco NX-OS Software release for a Cisco Nexus Switch, administrators can refer to the following Recommended Releases documents. If a security advisory recommends a later release, Cisco recommends following the advisory guidance.

      Cisco MDS Series Switches
      Cisco Nexus 1000V for VMware Switch
      Cisco Nexus 3000 Series and 3500 Series Switches
      Cisco Nexus 5000 Series Switches
      Cisco Nexus 5500 Platform Switches
      Cisco Nexus 6000 Series Switches
      Cisco Nexus 7000 Series Switches
      Cisco Nexus 9000 Series Switches
      Cisco Nexus 9000 Series ACI-Mode Switches

    For help determining the best Cisco NX-OS Software release for Cisco UCS, refer to the Recommended Releases documents in the release notes for the device.
Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  o This vulnerability was found during the resolution of a Cisco TAC support case.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Related to This Advisory

  o Cisco Event Response: August 2019 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos

Revision History

  o +---------+-------------------------+----------+--------+-----------------+
    | Version | Description             | Section  | Status | Date            |
    +---------+-------------------------+----------+--------+-----------------+
    | 1.1     | Updated the MDS and UCS | Fixed    | Final  | 2019-October-08 |
    |         | fixed release tables.   | Software |        |                 |
    +---------+-------------------------+----------+--------+-----------------+
    | 1.0     | Initial public release. | -        | Final  | 2019-August-28  |
    +---------+-------------------------+----------+--------+-----------------+

- --------------------------------------------------------------------------------

Cisco NX-OS Software SNMP Access Control List Configuration Name Bypass Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-20190828-nxos-snmp-bypass
First Published: 2019 August 28 16:00 GMT
Version 1.0:     Final
Workarounds:     Yes
Cisco Bug IDs:   CSCvo17439
CVE-2019-1969
CVSS Score: 5.8 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic.

    The vulnerability is due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP polling that should have been denied. The attacker has no control of the configuration of the SNMP ACL name.

    Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
    This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-snmp-bypass

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected the following Cisco products if they were running a vulnerable release of Cisco NX-OS Software with a specific SNMP ACL configured:

      Nexus 3000 Series Switches
      Nexus 3500 Platform Switches
      Nexus 3600 Platform Switches
      Nexus 9000 Series Switches in standalone NX-OS mode
      Nexus 9500 R-Series Switching Platform

    For information about which Cisco NX-OS Software releases were vulnerable at the time of publication, see the Fixed Software section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

    Administrators can use the show running-config | include "snmp-server" command to view the configured SNMP ACL for IPv4:

      nxos-switch# show running-config | include "snmp-server"
      snmp-server user <USER> use-ipv4acl <ACL NAME>

    If this command is present in the running configuration and the ACL name has the maximum length of 32 characters, the device should be considered vulnerable. This applies to IPv6 SNMP ACLs as well (the use-ipv6acl keyword in the same snmp-server user command), so both bindings should be checked.

  o Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.
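The length check above is easy to do by hand for one switch and easy to get wrong across a fleet, so here is an added example, written for this bulletin and not part of Cisco's advisory, that applies it to saved `show running-config | include "snmp-server"` output. It flags every `snmp-server user` line whose `use-ipv4acl` or `use-ipv6acl` name is exactly 32 characters, which is the condition the advisory describes. The sample configuration is constructed, and the one-line `use-ipv4acl X use-ipv6acl Y` form is an assumption about how NX-OS prints a user with both ACLs bound; the regex also accepts the separate-line form shown on the page.

```python
"""Flag SNMP users whose IPv4/IPv6 ACL name is exactly 32 characters (CVE-2019-1969).

Added example for this bulletin, not Cisco's code. Input is the text returned by
`show running-config | include "snmp-server"` on an NX-OS switch; the sample below is
constructed, and the one-line "use-ipv4acl X use-ipv6acl Y" form is an assumption about
how NX-OS prints a user that has both ACLs bound.
"""
import re
from typing import Dict, List

MAX_ACL_NAME_LEN = 32   # the advisory: the length check is wrong only at this exact length

_USER_LINE_RE = re.compile(r"^\s*snmp-server\s+user\s+(?P<user>\S+)\s+(?P<rest>.*)$")
_ACL_BIND_RE = re.compile(r"\buse-(?P<family>ipv4|ipv6)acl\s+(?P<acl>\S+)")


def find_exposed_snmp_acls(config: str) -> List[Dict[str, str]]:
    """Return one finding per (user, address family) binding with a 32-character ACL name."""
    findings: List[Dict[str, str]] = []
    for line in config.splitlines():
        m = _USER_LINE_RE.match(line)
        if not m:
            continue                      # not a "snmp-server user" line
        for bind in _ACL_BIND_RE.finditer(m.group("rest")):
            acl = bind.group("acl")
            if len(acl) == MAX_ACL_NAME_LEN:
                findings.append({"user": m.group("user"),
                                 "family": bind.group("family"), "acl": acl})
    return findings


def is_affected(config: str) -> bool:
    """Per the advisory, any 32-character SNMP ACL name means the device is vulnerable."""
    return bool(find_exposed_snmp_acls(config))


# Constructed sample: the admin user's two ACL names are exactly 32 characters, the
# monitor user's name is 31 and therefore safe under the documented workaround.
SAMPLE_RUNNING_CONFIG = """\
snmp-server user admin network-admin auth md5 0x7a3f priv 0x7a3f localizedkey
snmp-server user admin use-ipv4acl MGMT-SNMP-ALLOWED-SOURCES-IPV4-1 use-ipv6acl MGMT-SNMP-ALLOWED-SOURCES-IPV6-1
snmp-server user monitor network-operator auth sha 0x51c2 priv 0x51c2 localizedkey
snmp-server user monitor use-ipv4acl MGMT-SNMP-ALLOWED-SOURCES-V4-OK
snmp-server host 192.168.1.50 traps version 3 priv monitor
"""

if __name__ == "__main__":
    for f in find_exposed_snmp_acls(SAMPLE_RUNNING_CONFIG):
        print(f"user {f['user']}: {f['family']} ACL '{f['acl']}' is 32 characters; "
              f"rename it to 31 or fewer (workaround) or upgrade")
    print("affected:", is_affected(SAMPLE_RUNNING_CONFIG))
```

Only the exact length matters: a 31-character name is the documented workaround, and NX-OS does not accept a longer one, so the check is an equality rather than a threshold. Because the check is per binding, a user whose IPv4 name is short but whose IPv6 name is 32 characters is still reported.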
    Cisco has confirmed that this vulnerability does not affect the following Cisco products:

      Firepower 2100 Series
      Firepower 4100 Series
      Firepower 9300 Security Appliances
      MDS 9000 Series Multilayer Switches
      Nexus 1000 Virtual Edge for VMware vSphere
      Nexus 1000V Switch for Microsoft Hyper-V
      Nexus 1000V Switch for VMware vSphere
      Nexus 5500 Platform Switches
      Nexus 5600 Platform Switches
      Nexus 6000 Series Switches
      Nexus 7000 Series Switches
      Nexus 7700 Series Switches
      Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
      UCS 6200 Series Fabric Interconnects
      UCS 6300 Series Fabric Interconnects
      UCS 6400 Series Fabric Interconnects

Details

  o To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. A community string is a password that is applied to a device to restrict both read-only and read-write access to the SNMP data on the device. These community strings, as with all passwords, should be chosen carefully to ensure that they are not trivial. They should also be changed at regular intervals and in accordance with network security policies. For example, the strings should be changed when a network administrator changes roles or leaves the organization.

    To exploit this vulnerability via SNMP Version 3, the attacker must have user credentials for the affected system.

Workarounds

  o As a workaround, administrators may reconfigure the SNMP ACL name to 31 characters or fewer.

Fixed Software

  o When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

    Fixed Releases

    At the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

    The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability described in this advisory and which release included the fix for this vulnerability.

    Nexus 3000 Series Switches, Nexus 3500 Platform Switches and Nexus 9000 Series Switches in Standalone NX-OS Mode: CSCvo17439

    +--------------------------+--------------------------------------------+
    | Cisco NX-OS Software     | First Fixed Release for This Vulnerability |
    | Release                  |                                            |
    +--------------------------+--------------------------------------------+
    | Earlier than 7.0(3)      | Not vulnerable                             |
    | 7.0(3)I4 ^1              | 7.0(3)I7(6) ^1                             |
    | 7.0(3)I7                 | 7.0(3)I7(6)                                |
    | 9.2                      | 9.2(3)                                     |
    | 9.3                      | Not vulnerable                             |
    +--------------------------+--------------------------------------------+

    1. The 7.0(3)I4 code train is not applicable to Nexus 3500 Platform Switches.

    Nexus 3600 Platform Switches and Nexus 9500 R-Series Switching Platform: CSCvo17439

    +--------------------------+--------------------------------------------+
    | Cisco NX-OS Software     | First Fixed Release for This Vulnerability |
    | Release                  |                                            |
    +--------------------------+--------------------------------------------+
    | 7.0(3)F                  | 9.2(3)                                     |
    | 9.2                      | 9.2(3)                                     |
    | 9.3                      | Not vulnerable                             |
    +--------------------------+--------------------------------------------+

    Additional Resources

    For help determining the best Cisco NX-OS Software release for a Cisco Nexus Switch, administrators can refer to the following Recommended Releases documents. If a security advisory recommends a later release, Cisco recommends following the advisory guidance.

      Cisco MDS Series Switches
      Cisco Nexus 1000V for VMware Switch
      Cisco Nexus 3000 Series and 3500 Series Switches
      Cisco Nexus 5000 Series Switches
      Cisco Nexus 5500 Platform Switches
      Cisco Nexus 6000 Series Switches
      Cisco Nexus 7000 Series Switches
      Cisco Nexus 9000 Series Switches
      Cisco Nexus 9000 Series ACI-Mode Switches

    For help determining the best Cisco NX-OS Software release for Cisco UCS, refer to the Recommended Releases documents in the release notes for the device.
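Reading a fixed-release table means finding the row for the running release's train and checking whether the running release is at or past the first fixed release in that row; "Earlier than" rows catch everything below the first listed train. The following added example, written for this bulletin and not Cisco's code, implements that comparison for NX-OS release strings and encodes the Nexus 3000/3500/9000 standalone-mode tables of this advisory and of the memleak-dos advisory earlier in the bulletin ("this vulnerability" column only; the bundle column is not encoded). The ordering rule, numbers compared numerically and letter runs lexically with separators ignored, is an assumption about how Cisco orders releases; it agrees with every release in the tables on this page.

```python
"""Decide whether a running NX-OS release is at or past the first fixed release.

Added example for this bulletin, not Cisco's code. Release strings are split into
numeric and letter tokens; numbers compare numerically and letter runs lexically,
which is an assumption about Cisco's ordering that matches every release in the
tables on this page (e.g. 7.0(3)I4(9) < 7.0(3)I7(4) < 7.0(3)I7(6) < 9.2(3) < 9.3).
"""
import re
from typing import List, Optional, Sequence, Tuple, Union

Token = Tuple[int, Union[int, str]]      # (kind, value); kind 0 = number, 1 = letters
Row = Tuple[str, Optional[str]]          # (train, first fixed release; None = not vulnerable)
EarlierRow = Tuple[str, Optional[str]]   # ("Earlier than" boundary, first fixed or None)

_TOKEN_RE = re.compile(r"\d+|[A-Za-z]+")


def tokenize(release: str) -> List[Token]:
    """7.0(3)I7(6) -> [(0,7),(0,0),(0,3),(1,'I'),(0,7),(0,6)]; '.', '(' and ')' only delimit."""
    return [(0, int(s)) if s.isdigit() else (1, s) for s in _TOKEN_RE.findall(release)]


def in_train(release: str, train: str) -> bool:
    """True when the train's tokens are a prefix of the release's tokens (9.2 covers 9.2(2))."""
    t = tokenize(train)
    return tokenize(release)[: len(t)] == t


def assess(release: str, rows: Sequence[Row],
           earlier_than: EarlierRow) -> Tuple[str, Optional[str]]:
    """Return (status, first_fixed); status is fixed, vulnerable, not_vulnerable or unlisted."""
    rel = tokenize(release)
    for train, fixed in rows:
        if in_train(release, train):
            if fixed is None:
                return ("not_vulnerable", None)
            return ("fixed" if rel >= tokenize(fixed) else "vulnerable", fixed)
    boundary, fixed = earlier_than
    if rel < tokenize(boundary):
        return ("not_vulnerable", None) if fixed is None else ("vulnerable", fixed)
    return ("unlisted", None)   # a train the table does not cover: consult the bug ID


# cisco-sa-20190828-nxos-snmp-bypass (CSCvo17439), Nexus 3000/3500/9000 standalone.
# The 7.0(3)I4 train does not apply to Nexus 3500 Platform Switches (table footnote).
SNMP_BYPASS_EARLIER: EarlierRow = ("7.0(3)", None)
SNMP_BYPASS_ROWS: List[Row] = [
    ("7.0(3)I4", "7.0(3)I7(6)"),
    ("7.0(3)I7", "7.0(3)I7(6)"),
    ("9.2", "9.2(3)"),
    ("9.3", None),
]

# cisco-sa-20190828-nxos-memleak-dos (CSCvi15409), Nexus 3000/9000 standalone,
# "First Fixed Release for This Vulnerability" column only.
MEMLEAK_EARLIER: EarlierRow = ("7.0(3)I4", "7.0(3)I4(9)")
MEMLEAK_ROWS: List[Row] = [
    ("7.0(3)I4", "7.0(3)I4(9)"),
    ("7.0(3)I7", "7.0(3)I7(4)"),
    ("9.2", None),
    ("9.3", None),
]

if __name__ == "__main__":
    for rel in ("6.0(2)U6(10)", "7.0(3)I4(8)", "7.0(3)I7(5)", "7.0(3)I7(6)", "9.2(2)", "9.3(1)"):
        print(f"{rel:14} snmp-bypass={assess(rel, SNMP_BYPASS_ROWS, SNMP_BYPASS_EARLIER)} "
              f"memleak-dos={assess(rel, MEMLEAK_ROWS, MEMLEAK_EARLIER)}")
```

A release whose train is not listed (for example a 7.0(3)I5 build against these tables) comes back as unlisted rather than as safe, which is the right default for an advisory-driven check: the advisory points to the bug ID for anything its table does not cover. The same tokenizer also orders the UCS Manager releases in the memleak-dos table (3.2(3k) before 3.2(3l)).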
Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  o This vulnerability was found during resolution of a Cisco TAC support case.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-snmp-bypass

Revision History

  o +---------+--------------------------+---------+--------+-----------------+
    | Version | Description              | Section | Status | Date            |
    +---------+--------------------------+---------+--------+-----------------+
    | 1.0     | Initial public release.  | -       | Final  | 2019-August-28  |
    +---------+--------------------------+---------+--------+-----------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXZ57QGaOgq3Tt24GAQiO+A//RS36yNAH3e7MT31IaEMZvpMEc/r5AGZ/ 0ZmsAakWxJ7WI2ER9fJPojwzgOSz7Rz4a7tGrZ20zQP69M58dGD/eqbc66N6Hds0 nd9s8jQQPO00DjBoRe8GJcZoAXAEOMX8IHmMDNCVqwtdRhwW1x1uaXSXJOII6yFX //lBuFBhhlK4Q3+GYCeFU+i/7Gd5PbxI+mhjBRit1zp/lmnKPWca9r01AZz/y9ka gFv9Pph1OGZVP7mPmCms9dQEbUj+jEbHiz6hiehp5seMB/U51JoG+OzdpPbuD5L1 l+G8zyah5u0omoGPQUxGyj0wk2YRWY2YEo5R2FZd60UgGLIeieyv03pGcBEPZl5B IpossZQtdocrzVOtSXgKQoRVTgZSSsUYvvqreS7rIa50STvabmNzoA1fxjATJsdY RfFoW5oWuVyTzBWjDUZHdcGR1QEsFnYijPbmQ1jJYi7h//9AtcX0P9Idd+84MALY WRYJL4oDslezWoLOzQmqz9t+qgCvvgOQb7oRFmoEveqIJd3eAyg6uDBLk9gMf7FX vcEHIYfqzr7ASB3bd4C5JxIqYk6AFYqmRRF96lY0OydROY/tcXSq2VJPWpqXQYr/ +siohebXIAlp03Ph5msb4UsUKC3RVmNQXVK83knZFRHrRDg4Ey2ypg2PRKulwvKl e4+DdDphnt0= =hyD4 -----END PGP SIGNATURE-----