Lucene search

CiscoCISCO-SA-20130429-CVE-2013-1226

HistoryApr 29, 2013 - 8:32 p.m.

Cisco Nexus 7000 Frame Forwarding Loop Denial of Service Vulnerability

2013-04-2920:32:45

tools.cisco.com

6.1 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

30.1%

JSON

Cisco NX-OS Software running on Nexus 7000 Series Switches contains a vulnerability that could allow an unauthenticated, remote attacker with access to an adjacent network to cause a denial of service (DoS) condition.

The vulnerability is due to mishandling of a specific type of nonstandard Ethernet frame by the affected software. An unauthenticated, remote attacker with access to an adjacent network could exploit the vulnerability by sending an unspecified crafted nonstandard Ethernet frame to a targeted device. A successful exploit could allow the attacker to cause a frame forwarding loop, resulting in a DoS condition.

Cisco has confirmed the vulnerability in a security notice and has released software updates.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

To exploit this vulnerability, an attacker may require access to trusted, internal networks to send crafted requests to the affected software. This access requirement could limit the likelihood of a successful exploit.

Affected configurations

Vulners

Node

cisconx_osMatch4.1

cisconx_osMatch5.0

cisconx_osMatch4.2

cisconx_osMatch5.1

cisconx_osMatch5.2

cisconx_osMatch6.1

cisconx_osMatch6.0

cisconx_osMatch4.1\(2\)

cisconx_osMatch4.1\(3\)

cisconx_osMatch4.1\(4\)

cisconx_osMatch4.1\(5\)

cisconx_osMatch5.0\(2a\)

cisconx_osMatch5.0\(3\)

cisconx_osMatch5.0\(5\)

cisconx_osMatch4.2\(2a\)

cisconx_osMatch4.2\(3\)

cisconx_osMatch4.2\(4\)

cisconx_osMatch4.2\(6\)

cisconx_osMatch4.2\(8\)

cisconx_osMatch5.1\(1\)

cisconx_osMatch5.1\(1a\)

cisconx_osMatch5.1\(3\)

cisconx_osMatch5.1\(4\)

cisconx_osMatch5.1\(5\)

cisconx_osMatch5.1\(6\)

cisconx_osMatch5.2\(1\)

cisconx_osMatch5.2\(3a\)

cisconx_osMatch5.2\(4\)

cisconx_osMatch5.2\(5\)

cisconx_osMatch5.2\(7\)

cisconx_osMatch5.2\(9\)

cisconx_osMatch6.1\(1\)

cisconx_osMatch6.1\(2\)

cisconx_osMatch6.1\(3\)

cisconx_osMatch6.0\(1\)

cisconx_osMatch6.0\(2\)

cisconx_osMatch6.0\(3\)

cisconx_osMatch6.0\(4\)

CPENameOperatorVersion
cisco nx-os softwareeq4.1
cisco nx-os softwareeq5.0
cisco nx-os softwareeq4.2
cisco nx-os softwareeq5.1
cisco nx-os softwareeq5.2
cisco nx-os softwareeq6.1
cisco nx-os softwareeq6.0
cisco nx-os softwareeq4.1(2)
cisco nx-os softwareeq4.1(3)
cisco nx-os softwareeq4.1(4)

Name	Operator	Version
cisco nx-os software	eq	4.1
cisco nx-os software	eq	5.0
cisco nx-os software	eq	4.2
cisco nx-os software	eq	5.1
cisco nx-os software	eq	5.2
cisco nx-os software	eq	6.1
cisco nx-os software	eq	6.0
cisco nx-os software	eq	4.1(2)
cisco nx-os software	eq	4.1(3)
cisco nx-os software	eq	4.1(4)