A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default.

Published : 2019-08-30 09:15 Updated : 2019-10-09 23:48

CVSS Score More info
Score 5.0 / 10
Vendor Product Version URI
Cisco Nx-os 6.0%282%29a8 cpe:/o:cisco:nx-os:6.0%282%29a8
Cisco Nx-os 6.1%282%29i2 cpe:/o:cisco:nx-os:6.1%282%29i2
Cisco Nx-os 6.1%282%29i3 cpe:/o:cisco:nx-os:6.1%282%29i3
Cisco Nx-os 7.0%283%29f cpe:/o:cisco:nx-os:7.0%283%29f
Cisco Nx-os 7.0%283%29i4 cpe:/o:cisco:nx-os:7.0%283%29i4
Cisco Nx-os 7.0%283%29i7 cpe:/o:cisco:nx-os:7.0%283%29i7
Cisco Nx-os 7.1 cpe:/o:cisco:nx-os:7.1
Cisco Nx-os 7.2 cpe:/o:cisco:nx-os:7.2
Cisco Nx-os 7.3 cpe:/o:cisco:nx-os:7.3
Cisco Nx-os 8.0 cpe:/o:cisco:nx-os:8.0
Cisco Nx-os 8.1 cpe:/o:cisco:nx-os:8.1
Cisco Nx-os 8.2 cpe:/o:cisco:nx-os:8.2
Cisco Nx-os 8.3 cpe:/o:cisco:nx-os:8.3
Cisco Nx-os 9.2 cpe:/o:cisco:nx-os:9.2
  1. Cisco (1) Search CVE
    1. Nx-os (14) Search CVE
      1. 6.0%282%29a8
      2. 6.1%282%29i2
      3. 6.1%282%29i3
      4. 7.0%283%29f
      5. 7.0%283%29i4
      6. 7.0%283%29i7
      7. 7.1
      8. 7.2
      9. 7.3
      10. 8.0
      11. 8.1
      12. 8.2
      13. 8.3
      14. 9.2


ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2019-09-05 13:44
2019-08-30 09:15