Wednesday, July 27, 2016

Cisco Nexus 1000v Application Virtual Switch Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability

A vulnerability in Cisco Discovery Protocol packet processing for the Cisco Nexus 1000v Application Virtual Switch (AVS) could allow an unauthenticated, remote attacker to cause the ESXi hypervisor to crash and display a purple diagnostic screen, resulting in a denial of service (DoS) condition.

The vulnerability is due to insufficient input validation of Cisco Discovery Protocol packets, which could result in a crash of the ESXi hypervisor due to an out-of-bound memory access. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a targeted device. An exploit could allow the attacker to cause a DoS condition.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/2aeOtJm A vulnerability in Cisco Discovery Protocol packet processing for the Cisco Nexus 1000v Application Virtual Switch (AVS) could allow an unauthenticated, remote attacker to cause the ESXi hypervisor to crash and display a purple diagnostic screen, resulting in a denial of service (DoS) condition.

The vulnerability is due to insufficient input validation of Cisco Discovery Protocol packets, which could result in a crash of the ESXi hypervisor due to an out-of-bound memory access. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a targeted device. An exploit could allow the attacker to cause a DoS condition.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://ift.tt/2aeOtJm
Security Impact Rating: Medium
CVE: CVE-2016-1465

from Cisco Security Advisory http://ift.tt/2aeOtJm

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.