U-107: Cisco NX-OS IP Packet Processing Flaw Lets Remote Users Deny Service

February 21, 2012 - 6:00am

PROBLEM:

A vulnerability was reported in Cisco NX-OS. A remote user can cause denial of service conditions.

PLATFORM:

Nexus 1000v, 5000, and 7000 Series Switches

ABSTRACT:

A remote user can send a specially crafted IP packet to cause the target device to reload.

REFERENCE LINKS:

Cisco Advisory
SecurityTracker Alert ID:1026692
CVE-2012-0352

IMPACT ASSESSMENT:

Medium

Discussion:

A vulnerability was reported in Cisco NX-OS. A remote user can cause denial of service conditions.
A remote user can send a specially crafted IP packet to cause the target device to reload.
The vulnerability occurs when the device attempts to obtain Layer 4 (e.g., UDP, TCP) data from the specially crafted IP packet.
Nexus 1000v, 5000, and 7000 Series Switches are affected.
Cisco has assigned Cisco Bug IDs CSCti23447 and CSCti49507 (Cisco Nexus 1000v and 7000 Series) and CSCtj01991 (Cisco Nexus 5000 Series) to this vulnerability.

Impact:

Denial of service via network

Solution:

The vendor has issued a fix (1000v: 4.2(1)SV1(5.1); 5000: 5.0(2)N1(1); 7000: 4.2.8, 5.0.5, 5.1.1).

 

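| Platform | Major Release | First Fixed Release |
|---|---|---|
| Nexus 1000v Series Switches | 4.x (earlier than 4.2.x) | Vulnerable; migrate to 4.2.x |
| Nexus 1000v Series Switches | 4.2.x | 4.2(1)SV1(5.1) |
| Nexus 5000 Series Switches | 4.x | Vulnerable; migrate to 5.x |
| Nexus 5000 Series Switches | 5.0.x | 5.0(2)N1(1) |
| Nexus 5000 Series Switches | 5.1.x | Not vulnerable |
| Nexus 7000 Series Switches | 4.2.x | 4.2.8 |
| Nexus 7000 Series Switches | 5.0.x | 5.0.5 |
| Nexus 7000 Series Switches | 5.1.x | 5.1.1 |
| Nexus 7000 Series Switches | 5.2.x | Not vulnerable |
| Nexus 7000 Series Switches | 6.x | Not vulnerable |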

 
