SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco NX-OS Vendors:   Cisco
Cisco NX-OS Lets Remote Adjacent Network Users Cause the Target ARP Service to Crash
SecurityTracker Alert ID:  1033443
SecurityTracker URL:  http://securitytracker.com/id/1033443
CVE Reference:   CVE-2015-6277   (Links to External Site)
Date:  Sep 2 2015
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco NX-OS. A remote user on the local network can cause the target service to restart.

A remote user on the local network can send a specially crafted ARP packet to the target device to trigger an input validation flaw and cause the target ARP service to restart.

The vendor has assigned bug IDs CSCut25292, CSCuw02034, CSCuw02035, CSCuw02037, and CSCuw02038 to this vulnerability.

The following models and versions are affected:

Cisco MDS 9000 NX-OS and SAN-OS Software running NX-OS release 7.0(0)HSK(0.353)
Cisco Nexus 1000V Switch for VMware vSphere running NX-OS release 5.2(1)SV3(1.4)
Cisco Nexus 3000 Series Switches running NX-OS release 7.3(0)ZD(0.47)
Cisco Nexus 9000 Series Switches running NX-OS release 7.3(0)ZD(0.61)
Cisco Nexus 4000 Series Switches running NX-OS release 4.1(2)E1

Impact:   A remote user on the local network can cause the target ARP service to restart.
Solution:   Cisco has issued a fix.

[Editor's note: The fix is only available for Cisco Bug ID CSCut25292.]

The Cisco advisory is available at:

http://tools.cisco.com/security/center/viewAlert.x?alertId=40748

Vendor URL:  tools.cisco.com/security/center/viewAlert.x?alertId=40748 (Links to External Site)
Cause:   Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC