Cisco CISCO-SA-20130529-CVE-2013-1209
May 29, 2013 - 4:09 p.m.

Cisco Nexus 1000V VSM/VEM Communication Encryption Bypass Vulnerability

2013-05-29 16:09:18
tools.cisco.com

CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS: 0.001 Low
Percentile: 48.9%

A vulnerability in the implementation of the encryption for the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communications on the Cisco Nexus 1000V could allow an unauthenticated, remote attacker to disable encryption and integrity protections on a per-packet basis.

The vulnerability is due to insufficient authentication of VSM/VEM packets. An attacker could exploit this vulnerability by sending specially crafted packets to a vulnerable VSM or VEM.

Cisco would like to thank Felix ‘FX’ Lindner, Recurity Labs GmbH, for reporting this issue to us.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, the attacker would likely need access to a trusted, internal network to send specially crafted packets to a targeted device. This access restriction limits the possibility of a successful exploit.

Customers are advised to review the bug reports in the “Vendor Announcements” section for a current list of affected versions.

Affected configurations

cisco nx-os Match 4.2\(1\)sv1 nexus_9000_series
OR
cisco nx-os Match 4.2\(1\)sv1\(5.1\) nexus_9000_series
