Metric | Value |
---|---|
CVSS2 | 5.8 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
EPSS | 0.001 Low |
EPSS Percentile | 41.1% |

Cryptographic issues in the Cisco Nexus 1000v could allow an unauthenticated, remote attacker to inject traffic or eavesdrop on the communications between a Virtual Supervisor Module (VSM) and a Virtual Ethernet Module (VEM).
The issues are due to errors in the implementation of the cryptography employed for VSM to VEM communications. An attacker must have access to the Layer 2 management VLAN or the Layer 3 management traffic to exploit these issues.
Cisco would like to thank Felix ‘FX’ Lindner, Recurity Labs GmbH, for reporting this issue to us.
Cisco has confirmed the issue in a security notice; however, software updates are not available.
To exploit this issue, the attacker would likely need access to a trusted, internal network in which the targeted device may reside. This access restriction limits the possibility of a successful exploit.
Customers are advised to review the bug reports in the “Vendor Announcements” section for a current list of affected versions.
CPE

Name | Operator | Version |
---|---|---|
cisco nx-os software | eq | 4.2(1)SV1 |
cisco nx-os software | eq | 4.2(1)SV1(5.1) |