SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco NX-OS Vendors:   Cisco
Cisco NX-OS Nexus 1000V IGMPv2/IGMPv3 Access Control Flaw Lets Remote Users Bypass Security Controls
SecurityTracker Alert ID:  1030194
SecurityTracker URL:  http://securitytracker.com/id/1030194
CVE Reference:   CVE-2014-0685   (Links to External Site)
Date:  May 6 2014
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Nexus 1000V
Description:   A vulnerability was reported in Cisco NX-OS Nexus 1000V. A remote user can bypass access controls in certain cases.

A remote user can can send IGMPv2 and IGMPv3 traffic to bypass 'deny' statements in access control lists (ACLs).

IGMPv1 processing is not affected.

Cisco Nexus 1000V InterCloud for VMware is affected.

The vendor has assigned bug ID CSCug61691 to this vulnerability.

Impact:   A remote user can bypass IGMPv2 and IGMPv3 access controls.
Solution:   The vendor has issued a fix.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC