A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. The vulnerability is due to improper endpoint learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on a border leaf when Disable Remote Endpoint Learning has been enabled. This can result in a Remote (XR) entry being created for the impacted endpoint that will become stale if the endpoint migrates to a different port or leaf switch. This results in traffic not reaching the impacted endpoint until the Remote entry can be relearned by another mechanism.

Published: 2019-08-30 09:15
Updated: 2019-10-09 23:48

CVSS Score: 4.3 / 10
| Vendor | Product | Version | URI |
|--------|---------|---------|-----|
| Cisco | Nx-os | 12.3(1h) | cpe:/o:cisco:nx-os:12.3%281h%29 |
| Cisco | Nx-os | 13.1(2m) | cpe:/o:cisco:nx-os:13.1%282m%29 |
| Cisco | Nx-os | 13.1(2o) | cpe:/o:cisco:nx-os:13.1%282o%29 |
| Cisco | Nx-os | 13.1(2p) | cpe:/o:cisco:nx-os:13.1%282p%29 |


| ID | Name | Description |
|----|------|-------------|
| CWE-371 | State Issues | Weaknesses in this category are related to improper management of system state. |

History of changes

Date Event
2019-09-05 13:14
2019-08-30 09:15