A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the Cisco NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default.
2020-02-26T17:15:13.140
2024-11-21T05:30:28.420
Modified
CVSSv3.1: 5.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:N/A:P
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | cisco | nx-os | < 8.4\(1\) | Yes |
| Hardware | cisco | mds_9132t | - | No |
| Hardware | cisco | mds_9148s | - | No |
| Hardware | cisco | mds_9148t | - | No |
| Hardware | cisco | mds_9216 | - | No |
| Hardware | cisco | mds_9216a | - | No |
| Hardware | cisco | mds_9216i | - | No |
| Hardware | cisco | mds_9222i | - | No |
| Hardware | cisco | mds_9506 | - | No |
| Hardware | cisco | mds_9509 | - | No |
| Hardware | cisco | mds_9513 | - | No |
| Hardware | cisco | mds_9706 | - | No |
| Hardware | cisco | mds_9710 | - | No |
| Hardware | cisco | mds_9718 | - | No |
| Operating System | cisco | nx-os | < 8.2\(5\) | Yes |
| Hardware | cisco | nexus_7000 | - | No |
| Hardware | cisco | nexus_7700 | - | No |