Cisco: CISCO-SA-20170315-CNS
Mar 15, 2017 - 4:00 p.m.

Cisco Nexus 7000 Series Switches Access-Control Filtering Mechanisms Bypass Vulnerability

2017-03-15 16:00:00
tools.cisco.com

EPSS: 0.001 (Low), percentile 51.2%

A vulnerability in certain access-control filtering mechanisms on Cisco Nexus 7000 Series Switches could allow an unauthenticated, remote attacker to bypass defined traffic configured within an access control list (ACL) on the affected system.

The vulnerability is due to the device failing to inspect specific traffic when other ACL checking mechanisms are in place. An attacker could exploit this vulnerability by issuing crafted commands for which a particular ACL would not match defined traffic. An exploit could allow the attacker to bypass certain rulesets defined on a Network Time Protocol (NTP) ACL.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cns

Affected configurations

cisco nx-os 5.2 nexus_9000_series
OR
cisco nx-os 6.1 nexus_9000_series
OR
cisco nx-os 7.2(1)d1 nexus_9000_series
OR
cisco nx-os 7.3(1)n1 nexus_9000_series
OR
cisco nx-os 5.2(4) nexus_9000_series
OR
cisco nx-os 6.1(3)s5 nexus_9000_series
OR
cisco nx-os 6.1(3)s6 nexus_9000_series
OR
cisco nx-os 7.2(1)d1(1) nexus_9000_series
OR
cisco nx-os 7.3(1)n1(0.1) nexus_9000_series
