Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability [CVE-2021-1588]
CVE number – CVE-2021-1588
A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper input validation when an affected device is processing an MPLS echo-request or echo-reply packet. An attacker could exploit this vulnerability by sending malicious MPLS echo-request or echo-reply packets to an interface that is enabled for MPLS forwarding on the affected device. A successful exploit could allow the attacker to cause the MPLS OAM process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition.
Vulnerable Products
This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco NX-OS Software and have the MPLS OAM feature enabled:
- Nexus 3000 Series Switches (CSCvx66765)
- Nexus 7000 Series Switches (CSCvx48078)
- Nexus 9000 Series Switches in standalone NX-OS mode (CSCvx66765)
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-mpls-oam-dos-sGO9x5GM
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.