5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
48.9%
A vulnerability in the implementation of the encryption for the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communications on the Cisco Nexus 1000V could allow an unauthenticated, remote attacker to to disable encryption and integrity protections on a per-packet basis.
The vulnerability is due to insufficient authentication of VSM/VEM packets. An attacker could exploit this vulnerability by sending specially crafted packets to a vulnerable VSM or VEM.
Cisco would like to thank Felix ‘FX’ Lindner, Recurity Labs GmbH, for reporting this issue to us.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
To exploit this vulnerability, the attacker would likely need access to a trusted, internal network to send specially crafted packets to a targeted device. This access restriction limits the possibility of a successful exploit.
Customers are advised to review the bug reports in the “Vendor Announcements” section for a current list of affected versions.
CPE | Name | Operator | Version |
---|---|---|---|
cisco nx-os software | eq | 4.2(1)SV1 | |
cisco nx-os software | eq | 4.2(1)SV1(5.1) |