Cisco Nexus 4000 Series Switches IPv6 Denial of Service Vulnerability

2013-11-1314:59:06

tools.cisco.com

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.001

Percentile

50.4%

JSON

A vulnerability in the IP version 6 (IPv6) packet handling routine of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to stop responding to neighbor solicitation (NS) requests, causing a limited denial of service (DoS) condition.

The vulnerability is due to improper processing of adjacencies in the IPv6 neighbor table. An attacker could exploit this vulnerability by sending a sequence of malformed IPv6 packets to an affected device. An exploit could allow the attacker to cause a device to stop responding to NS requests, causing a limited DoS condition.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker would need access to the same broadcast or collision domain of the targeted device. This access requirement decreases the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Affected configurations

Vulners

Node

cisconx_osMatch4.1\(2\)e1

cisconx_osMatch4.1\(2\)e1\(1\)

cisconx_osMatch4.1\(2\)e1\(1b\)

cisconx_osMatch4.1\(2\)e1\(1d\)

cisconx_osMatch4.1\(2\)e1\(1e\)

cisconx_osMatch4.1\(2\)e1\(1f\)

cisconx_osMatch4.1\(2\)e1\(1g\)

cisconx_osMatch4.1\(2\)e1\(1h\)

cisconx_osMatch4.1\(2\)e1\(1i\)

cisconx_osMatch4.1\(2\)e1\(1j\)

VendorProductVersionCPE
cisconx_os4.1(2)e1cpe:2.3:o:cisco:nx_os:4.1\(2\)e1:*:*:*:*:*:*:*
cisconx_os4.1(2)e1(1)cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1\):*:*:*:*:*:*:*
cisconx_os4.1(2)e1(1b)cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1b\):*:*:*:*:*:*:*
cisconx_os4.1(2)e1(1d)cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1d\):*:*:*:*:*:*:*
cisconx_os4.1(2)e1(1e)cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1e\):*:*:*:*:*:*:*
cisconx_os4.1(2)e1(1f)cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1f\):*:*:*:*:*:*:*
cisconx_os4.1(2)e1(1g)cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1g\):*:*:*:*:*:*:*
cisconx_os4.1(2)e1(1h)cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1h\):*:*:*:*:*:*:*
cisconx_os4.1(2)e1(1i)cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1i\):*:*:*:*:*:*:*
cisconx_os4.1(2)e1(1j)cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1j\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	nx_os	4.1(2)e1	cpe:2.3:o:cisco:nx_os:4.1\(2\)e1:::::::*
cisco	nx_os	4.1(2)e1(1)	cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1\):::::::*
cisco	nx_os	4.1(2)e1(1b)	cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1b\):::::::*
cisco	nx_os	4.1(2)e1(1d)	cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1d\):::::::*
cisco	nx_os	4.1(2)e1(1e)	cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1e\):::::::*
cisco	nx_os	4.1(2)e1(1f)	cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1f\):::::::*
cisco	nx_os	4.1(2)e1(1g)	cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1g\):::::::*
cisco	nx_os	4.1(2)e1(1h)	cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1h\):::::::*
cisco	nx_os	4.1(2)e1(1i)	cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1i\):::::::*
cisco	nx_os	4.1(2)e1(1j)	cpe:2.3:o:cisco:nx_os:4.1\(2\)e1\(1j\):::::::*