CISCO-SA-NXOS-ETHER-DOS-KV8YNWZ4

Vulnerable Products:

This vulnerability affects only the following Cisco Nexus 3600 and 9500-R Switching Platform product identifiers (PIDs) if they are running a vulnerable release of Cisco NX-OS Software and have EVPN configured:

N3K-C36180YC-R N3K-C3636C-R N9K-X96136YC-R N9K-X9636C-R N9K-X9636C-RX N9K-X9636Q-R

Note: The N9K-X9624D-R2 PID is not affected by this vulnerability.

For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.

Determine Which PIDs Are Installed

To view which PIDs are installed, use the show inventory CLI command:

9K-A# show inventory NAME: "Chassis", DESCR: "Nexus9500 C9508 (8 Slot) Chassis" PID: N85-C8508 , VID: V02 , SN: FGE19270WQ4

NNAME: "Slot 1", DESCR: "16x10G + 32x10/25G + 4x100G Module" PID: N9K-X96136YC-R , VID: V01 , SN: JAE222808LK

NAME: "Slot 2", DESCR: "36p 100G Ethernet Module" PID: N9K-X9636C-RX , VID: V00 , SN: JAE211803N0 . . .

Determine the EVPN Configuration

To determine whether EVPN is configured, use the show running-config | include nv overlay evpn CLI command. If this command exists in the device configuration, the device is considered vulnerable, as shown in the following example:

n9K# show running-config | include "nv overlay evpn" nv overlay evpnProducts Confirmed Not Vulnerable:

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

Firepower 1000 Series Firepower 2100 Series Firepower 4100 Series Firepower 9300 Security Appliances MDS 9000 Series Multilayer Switches Nexus 3000 Series Switches, other than the models listed in the Vulnerable Products section Nexus 5500 Platform Switches Nexus 5600 Platform Switches Nexus 6000 Series Switches Nexus 7000 Series Switches Nexus 9000 Series...