| |
Bug Id: | CSCut45879 |
Title: | MARCH 2015 OpenSSL Vulnerabilities |
|
Description: | Symptom: This product includes a version of OpenSSL that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288
This bug has been opened to address the potential impact on this product.
Conditions: When DCNM is deployed as a virtual appliance using OVA or ISO. This is not applicable for Windows and Linux installers of DCNM.
Workaround: Update OpenSSL to the latest version, which has all the fixes.
Further Problem Description: PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 7.1/6.9
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 03-JUN-2015 |
|
Known Affected Releases: | 7.1(1) |
|
Known Fixed Releases: | 7.1(1.112)S0, 7.1(2.7)S0 |
|
|
| |
| |
Bug Id: | CSCus76975 |
Title: | DCNM auto-config profile name containing _space_ causes switch to reload |
|
Description: | Symptom: Reload on device when a profile with a space in the name is applied to the device via auto configuration.
Conditions: Profile created in DCNM for auto-config has a space in it.
Workaround: Make sure that the profile name does not contain a space. Pre-packaged profiles do not have this issue; custom-generated profiles should adhere to this naming convention.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 10-JUN-2015 |
|
Known Affected Releases: | 7.1(1) |
|
Known Fixed Releases: | 6.2(13)FM(0.54), 6.2(13)GS(0.15), 6.2(13.1)S0, 7.1(1.46)S0, 7.1(1.62)S0, 7.3(0)FM(0.4), 7.3(0)HM(0.5) |
|
|
| |
| |
Bug Id: | CSCuu21900 |
Title: | Security alerts may impact project NX-OS_SAN_LAN |
|
Description: | Symptoms:
This product includes Third-party Software that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2009-3626
This bug was opened to address the potential impact on this product.
Conditions:
Device with default configuration.
Workaround:
Not currently available.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The highest Base and Temporal CVSS scores of all vulnerabilities tracked by this bug as of the time of evaluation are 5.0:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:W/RC:C
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
CVE ID CVE-2009-3626 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html |
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 13-JUN-2015 |
|
Known Affected Releases: | 7.0(2) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut78596 |
Title: | upgraded dcnm from 7-0-2 to 7-1-1-103 -not able to https as before upgd |
|
Description: | Symptom: After upgrading from an older OVA version to the latest version, the latest version is configured for HTTP by default, irrespective of whether the previous setup was HTTP or HTTPS.
Conditions: When upgrading an older OVA (in HTTPS mode) to the latest version. The latest version is in HTTP mode by default.
Workaround: The user has to enable HTTPS using "appmgr update dcnm -h true".
HTTPS then works with the default self-signed certificate. If the user had added CA-signed certificates, they need to be configured on the machine again.
Further Problem Description:
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 16-JUN-2015 |
|
Known Affected Releases: | 7.1(1.103), 7.2(0.49), 7.2(0.69) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCut77407 |
Title: | APRIL 2015 NTPd Vulnerabilities |
|
Description: | Symptoms:
This product has been investigated to determine the applicability of the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2015-1798 and CVE-2015-1799
Cisco has analyzed this vulnerability and concluded that the previously listed products are not impacted.
Conditions:
Not applicable
Workaround:
Not applicable
Further Problem Description:
Additional details about those vulnerabilities can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation: The Cisco PSIRT has evaluated those issues and they do not meet the criteria for PSIRT ownership or involvement. Those issues will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of those issues, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html |
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 17-JUN-2015 |
|
Known Affected Releases: | 7.1(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCup22646 |
Title: | Multiple Vulnerabilities in OpenSSL - June 2014 |
|
Description: | Symptom: The following Cisco products
Cisco Prime Data Center Network Manager 7.0.1
Cisco Prime Data Center Network Manager 7.0.2
include a version of openssl that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2010-5298 - SSL_MODE_RELEASE_BUFFERS session injection or denial of service
CVE-2014-0076 - Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
CVE-2014-0198 - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
This bug has been opened to address the potential impact on this product.
Conditions: Devices with default configuration.
Workaround: Not available.
Further Problem Description:
Cisco Data Center Network Manager 7.0.1 - Affected
Cisco Data Center Network Manager 7.0.2 - Affected
Cisco Data Center Network Manager 6.x, 5.x - Not Affected
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.1/6.8:
https://intellishield.cisco.com/security/alertmanager/cvss?target=new&version=2.0&vector=AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:C
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 17-JUN-2015 |
|
Known Affected Releases: | 7.0(2)S3 |
|
Known Fixed Releases: | 7.1(0.24)S0 |
|
|
| |
| |
Bug Id: | CSCuu33384 |
Title: | DCNM server unresponsive, appmgr, VM restart do not fix. |
|
Description: | Symptom: DCNM Server unresponsive
Conditions:
Install Virtual Appliance or DCNM server.
Use for some time.
Browse to DCNM server.
DCNM server is unresponsive or disconnects the HTTPS/HTTP connection. appmgr restart does not solve issue.
Workaround: none
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 22-JUN-2015 |
|
Known Affected Releases: | 7.1(2) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCur89671 |
Title: | Cannot add ports into port-channel w/ multi-MD using device conformance |
|
Description: | Symptom: DCNM generates the following config when trying to configure a port-channel with a mobility domain. It needs to be altered as given in the workaround.
!
interface port-channel9
  switchport mode trunk
  no switchport trunk allocate vlan dynamic
  no shutdown
  switchport mobility-domain md1
!
interface Ethernet117/1/9
  switchport
  switchport mode trunk
  no switchport trunk allocate vlan dynamic
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  no shutdown
  channel-group 9
  switchport mobility-domain md1
!
interface Ethernet117/1/10
  switchport
  switchport mode trunk
  no switchport trunk allocate vlan dynamic
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  no shutdown
  channel-group 9
  switchport mobility-domain md1
!
Conditions:
POAP from DCNM is successful.
Try to create a port-channel with mobility domain by editing the POAP definition.
Generate the diff using DCNM device conformance.
Workaround:
interface port-channel222
  switchport mode trunk
  no switchport trunk allocate vlan dynamic
  no shutdown
!
interface Ethernet117/1/10
  switchport
  switchport mode trunk
  no switchport trunk allocate vlan dynamic
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  no shutdown
  channel-group 222
!
interface Ethernet117/1/9
  switchport
  switchport mode trunk
  no switchport trunk allocate vlan dynamic
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  no shutdown
  channel-group 222
!
interface port-channel222
  switchport mobility-domain md1
  shutdown
  no shutdown
!
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 23-JUN-2015 |
|
Known Affected Releases: | 7.1(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCus69452 |
Title: | Assess GHOST vulnerability for DCNM (CVE-2015-0235) |
|
Description: | Symptom: On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This vulnerability is related to the various gethostbyname functions included in glibc and affects applications that call these functions. This vulnerability may allow an attacker to obtain sensitive information from an exploited system or, in some instances, perform remote code execution with the privileges of the application being exploited. This vulnerability is documented in CVE-2015-0235.
A Cisco Security Advisory has been published to document this vulnerability at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
This bug has been opened to address the potential impact on this product.
Conditions: Any of the following DCNM installers is used:
dcnm-va.7.0.1.ova
dcnm-va.7.0.2.ova
dcnm-va.7.1.1.ova
dcnm-va.7.1.1.iso
Workaround: Not available.
Further Problem Description: PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 10/7.8
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 24-JUN-2015 |
|
Known Affected Releases: | 6.3(2), 7.0(2), 7.1(1) |
|
Known Fixed Releases: | 7.1(1.52)S0 |
|
|
| |
| |
Bug Id: | CSCur07372 |
Title: | Cisco Prime Data Center Network Manager CVE-2014-6271 and CVE-2014-7169 |
|
Description: | Symptom: The following Cisco product Cisco Prime Data Center Network Manager includes a version of bash that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2014-6271, CVE-2014-7169
This bug has been opened to address the potential impact on this product.
Conditions: Devices with default configuration.
Workaround: None.
Further Problem Description: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.5/7.5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 24-JUN-2015 |
|
Known Affected Releases: | 7.1(0)ZN(91.98), 7.1(0)ZN(91.99) |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu82350 |
Title: | Evaluation of dcnm-server for OpenSSL June 2015 |
|
Description: | Symptom: This product includes a version of OpenSSL that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2014-8176
This bug has been opened to address the potential impact on this product.
Conditions: When the virtual appliance of DCNM is used (dcnm-va.ova or dcnm-va.iso)
Workaround: Log in to the SSH terminal of the DCNM virtual appliance and run "yum update openssl".
Further Problem Description: Additional details about those vulnerabilities can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 7.8/6.4
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 29-JUN-2015 |
|
Known Affected Releases: | 7.1(1) |
|
Known Fixed Releases: | 7.2(1)S1, 7.2(1)S4, 7.2(1.3)S0, 7.2(1.6)S0 |
|
|
| |