A vulnerability in Cisco Discovery Protocol packet processing for the Cisco Nexus 1000v Application Virtual Switch (AVS) could allow an unauthenticated, remote attacker to cause the ESXi hypervisor to crash and display a purple diagnostic screen, resulting in a denial of service (DoS) condition.
The vulnerability is due to insufficient input validation of Cisco Discovery Protocol packets, which could result in a crash of the ESXi hypervisor due to an out-of-bound memory access. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a targeted device. An exploit could allow the attacker to cause a DoS condition.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2aeOtJm A vulnerability in Cisco Discovery Protocol packet processing for the Cisco Nexus 1000v Application Virtual Switch (AVS) could allow an unauthenticated, remote attacker to cause the ESXi hypervisor to crash and display a purple diagnostic screen, resulting in a denial of service (DoS) condition.
The vulnerability is due to insufficient input validation of Cisco Discovery Protocol packets, which could result in a crash of the ESXi hypervisor due to an out-of-bound memory access. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a targeted device. An exploit could allow the attacker to cause a DoS condition.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2aeOtJm
Security Impact Rating: Medium
CVE: CVE-2016-1465
from Cisco Security Advisory http://ift.tt/2aeOtJm
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.