Cisco Blog » The Platform

Tuesday, September 1, 2015

Cisco Notification Alert - Nexus 3000 Series Switch - 01-Sep-2015 16:53 GMT


Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3132Q Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U6(2)
Alert Type:
New File
File Name:
poap_script.6.0.2.U6.2.tcl
File Description:

Nexus 3000 Release 6.0(2)U6(2) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
03-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U6.2.py
File Description:

Nexus 3000 Release 6.0(2)U6(2) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
03-AUG-2015
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U6.2.bin
File Description:

Nexus 3000 Release 6.0(2)U6(2) Kickstart Image

File Release Date:
03-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3132Q Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U5(4)
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U5.4.bin
File Description:

Nexus 3000 Release 6.0(2)U5(4) Kickstart Image

File Release Date:
04-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.4.py
File Description:

Nexus 3000 Release 6.0(2)U5(4) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
04-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.4.tcl
File Description:

Nexus 3000 Release 6.0(2)U5(4) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
04-AUG-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3164Q Switch
Software Type:
NX-OS EPLD Updates
Release Version:
6.1(2)I3(5)
Alert Type:
New File
File Name:
n9000-epld.6.1.2.I3.5.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 6.1(2)I3(5)

File Release Date:
21-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3164Q Switch
Software Type:
NX-OS EPLD Updates
Release Version:
7.0(3)I1(3)
Alert Type:
New File
File Name:
n9000-epld.7.0.3.I1.3.img
File Description:

Nexus 9000 Standalone switch EPLD Image for 7.0(3)I1(3)

File Release Date:
19-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3048 Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U6(2)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U6.2.bin
File Description:

Nexus 3000 Release 6.0(2)U6(2) System Image

File Release Date:
03-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3048 Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U5(4)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U5.4.bin
File Description:

Nexus 3000 Release 6.0(2)U5(4) System Image

File Release Date:
04-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3016 Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U6(2)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U6.2.bin
File Description:

Nexus 3000 Release 6.0(2)U6(2) System Image

File Release Date:
03-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3016 Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U5(4)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U5.4.bin
File Description:

Nexus 3000 Release 6.0(2)U5(4) System Image

File Release Date:
04-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3172 Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U5(4)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U5.4.bin
File Description:

Nexus 3000 Release 6.0(2)U5(4) System Image

File Release Date:
04-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3172 Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U6(2)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U6.2.bin
File Description:

Nexus 3000 Release 6.0(2)U6(2) System Image

File Release Date:
03-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3048 Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U6(2)
Alert Type:
New File
File Name:
poap_script.6.0.2.U6.2.tcl
File Description:

Nexus 3000 Release 6.0(2)U6(2) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
03-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U6.2.py
File Description:

Nexus 3000 Release 6.0(2)U6(2) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
03-AUG-2015
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U6.2.bin
File Description:

Nexus 3000 Release 6.0(2)U6(2) Kickstart Image

File Release Date:
03-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3048 Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U5(4)
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U5.4.bin
File Description:

Nexus 3000 Release 6.0(2)U5(4) Kickstart Image

File Release Date:
04-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.4.py
File Description:

Nexus 3000 Release 6.0(2)U5(4) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
04-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.4.tcl
File Description:

Nexus 3000 Release 6.0(2)U5(4) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
04-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3064-T Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U5(4)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U5.4.bin
File Description:

Nexus 3000 Release 6.0(2)U5(4) System Image

File Release Date:
04-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3064-T Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U6(2)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U6.2.bin
File Description:

Nexus 3000 Release 6.0(2)U6(2) System Image

File Release Date:
03-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3064 Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U5(4)
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.4.py
File Description:

Nexus 3000 Release 6.0(2)U5(4) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
04-AUG-2015
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U5.4.bin
File Description:

Nexus 3000 Release 6.0(2)U5(4) Kickstart Image

File Release Date:
04-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.4.tcl
File Description:

Nexus 3000 Release 6.0(2)U5(4) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
04-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3064 Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U6(2)
Alert Type:
New File
File Name:
poap_script.6.0.2.U6.2.tcl
File Description:

Nexus 3000 Release 6.0(2)U6(2) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
03-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U6.2.py
File Description:

Nexus 3000 Release 6.0(2)U6(2) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
03-AUG-2015
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U6.2.bin
File Description:

Nexus 3000 Release 6.0(2)U6(2) Kickstart Image

File Release Date:
03-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3172 Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U6(2)
Alert Type:
New File
File Name:
poap_script.6.0.2.U6.2.py
File Description:

Nexus 3000 Release 6.0(2)U6(2) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
03-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U6.2.tcl
File Description:

Nexus 3000 Release 6.0(2)U6(2) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
03-AUG-2015
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U6.2.bin
File Description:

Nexus 3000 Release 6.0(2)U6(2) Kickstart Image

File Release Date:
03-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3172 Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U5(4)
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U5.4.bin
File Description:

Nexus 3000 Release 6.0(2)U5(4) Kickstart Image

File Release Date:
04-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.4.py
File Description:

Nexus 3000 Release 6.0(2)U5(4) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
04-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.4.tcl
File Description:

Nexus 3000 Release 6.0(2)U5(4) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
04-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3064 Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U5(4)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U5.4.bin
File Description:

Nexus 3000 Release 6.0(2)U5(4) System Image

File Release Date:
04-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3064 Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U6(2)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U6.2.bin
File Description:

Nexus 3000 Release 6.0(2)U6(2) System Image

File Release Date:
03-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3548 Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)A6(4)
Alert Type:
New File
File Name:
n3500-uk9-kickstart.6.0.2.A6.4.bin
File Description:

Nexus 3500 Release 6.0(2)A6(4) Kickstart Image

File Release Date:
20-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.A6.4.py
File Description:

Nexus 3500 Release 6.0(2)A6(4) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
20-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.A6.4.tcl
File Description:

Nexus 3500 Release 6.0(2)A6(4) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
20-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3548 Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)A6(4)
Alert Type:
New File
File Name:
n3500-uk9.6.0.2.A6.4.bin
File Description:

Nexus 3500 Release 6.0(2)A6(4) System Image

File Release Date:
20-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3064-T Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U5(4)
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.4.tcl
File Description:

Nexus 3000 Release 6.0(2)U5(4) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
04-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.4.py
File Description:

Nexus 3000 Release 6.0(2)U5(4) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
04-AUG-2015
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U5.4.bin
File Description:

Nexus 3000 Release 6.0(2)U5(4) Kickstart Image

File Release Date:
04-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3064-T Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U6(2)
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U6.2.bin
File Description:

Nexus 3000 Release 6.0(2)U6(2) Kickstart Image

File Release Date:
03-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U6.2.tcl
File Description:

Nexus 3000 Release 6.0(2)U6(2) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
03-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U6.2.py
File Description:

Nexus 3000 Release 6.0(2)U6(2) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
03-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3016 Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U6(2)
Alert Type:
New File
File Name:
poap_script.6.0.2.U6.2.py
File Description:

Nexus 3000 Release 6.0(2)U6(2) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
03-AUG-2015
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U6.2.bin
File Description:

Nexus 3000 Release 6.0(2)U6(2) Kickstart Image

File Release Date:
03-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U6.2.tcl
File Description:

Nexus 3000 Release 6.0(2)U6(2) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
03-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3016 Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U5(4)
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.4.py
File Description:

Nexus 3000 Release 6.0(2)U5(4) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
04-AUG-2015
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U5.4.bin
File Description:

Nexus 3000 Release 6.0(2)U5(4) Kickstart Image

File Release Date:
04-AUG-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.4.tcl
File Description:

Nexus 3000 Release 6.0(2)U5(4) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
04-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3132Q Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U6(2)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U6.2.bin
File Description:

Nexus 3000 Release 6.0(2)U6(2) System Image

File Release Date:
03-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3132Q Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U5(4)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U5.4.bin
File Description:

Nexus 3000 Release 6.0(2)U5(4) System Image

File Release Date:
04-AUG-2015

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3164Q Switch
Software Type:
NX-OS System Software
Release Version:
7.0(3)I1(3)
Alert Type:
New File
File Name:
n9000-dk9.7.0.3.I1.3.bin
File Description:

Cisco Nexus 9000 Standalone Switch

File Release Date:
21-AUG-2015

Known Bugs - Nexus 3000 Series Switches

Alert Type:
Updated *
Bug Id:
CSCut37060
Title:
Cisco Nexus 3000 ARP Denial of Service (DoS) Vulnerability
Status:
Fixed
Severity:
2 Severe
Description: *

Symptoms:
A vulnerability in the Address Resolution Protocol (ARP) input packet
processing of Cisco Nexus Operating System (NX-OS) devices could allow an
unauthenticated, adjacent attacker to cause a denial of service (DoS)
condition.

The vulnerability is due to improper input validation of the ARP packet and
the Maximum Transmission Unit (MTU) size, which results in a buffer overflow
that can cause the DoS condition. An attacker could exploit this vulnerability
by sending a crafted ARP packet to the device. An exploit could allow the attacker
to cause the device to be unavailable due to a DoS condition of the ARP module.

Conditions:
Device running an affected version of software with the default configuration.

Workaround:
The MTU size should be configured lower.

Further Problem Description:
None.

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.1/5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:A/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2015-4323 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
14-AUG-2015
Known Affected Releases:
6.0(2)U5(1.41), 7.3(0)ZN(0.83)
Known Fixed Releases:
6.0(2)A5(1.42), 6.0(2)A5(2), 6.0(2)A6(1.124), 6.0(2)A6(2), 6.0(2)U5(1.42), 6.0(2)U5(2), 6.0(2)U6(0.124), 6.0(2)U6(1)
Alert Type:
Updated *
Bug Id:
CSCuv71933
Title:
Cisco Nexus 3500 ARP Denial of Service (DoS) Vulnerability
Status:
Other
Severity:
2 Severe
Description: *

Symptoms:
A vulnerability in the Address Resolution Protocol (ARP) input packet
processing of Cisco Nexus Operating System (NX-OS) devices could allow an
unauthenticated, adjacent attacker to cause a denial of service (DoS)
condition.

The vulnerability is due to improper input validation of the ARP packet and
the Maximum Transmission Unit (MTU) size, which results in a buffer overflow
that can cause the DoS condition. An attacker could exploit this vulnerability
by sending a crafted ARP packet to the device. An exploit could allow the attacker
to cause the device to be unavailable due to a DoS condition of the ARP module.

Conditions:
Device running an affected version of software with the default configuration.

Workaround:
The MTU size should be configured lower.

Further Problem Description:
None.

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.1/5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:A/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2015-4323 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
14-AUG-2015
Known Affected Releases:
7.3(0)ZN(0.83)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCtx66070
Title:
CDP crashes when receiving malformed packet
Status:
Fixed
Severity:
2 Severe
Description: *

Symptom:
Cisco Nexus 1000, 3000, 4000, 5000, and 7000 switches as well as Cisco Unified Computing System Fabric Interconnect devices may restart after receiving malformed Cisco Discovery Protocol (CDP) packets. An adjacent attacker with the ability to submit malformed CDP traffic to an affected device could cause a denial of service condition while the device reloads or fails over to a redundant Supervisor card, if so equipped.

Conditions:
Cisco Nexus Switches running an affected version of NX-OS.
Cisco Unified Computing System, Fabric Interconnect devices running an affected version of UCS Software.

Workaround:
Disable CDP on the affected device. CDP is enabled by default.

NX-OS:
no cdp enable

UCS:
Add the 'disable cdp' command to all Network Control Policies

Further Problem Description:
This issue was identified through internal hardening efforts on the NX-OS platform.

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.1/5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:A/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0

CVE ID CVE-2012-1322 has been assigned to document this issue.

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html


Last Modified:
06-AUG-2015
Known Affected Releases:
5.0(3)U2(1), 5.0(3)U4(1)
Known Fixed Releases:
5.0(3)U3(1)
Alert Type:
New
Bug Id:
CSCuv92956
Title:
NX-API broken on 6.0(2)U6(2)
Status:
Open
Severity:
2 Severe
Description:

Symptom:
While enabling feature NXAPI on U6(2) official image, we are getting "not enough memory" error and we are not enabling this feature

Conditions:
Always

Workaround:
NA

Further Problem Description:

Last Modified:
26-AUG-2015
Known Affected Releases:
6.0(2)U6(1.99)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCui51551
Title:
Unvalidated Pointers Could Result in Device Reload
Status:
Fixed
Severity:
2 Severe
Description:

Symptom:
A vulnerability in the Open Network Environment Platform (ONEP) could allow an authenticated, remote attacker to cause a reload of the network
element.

The vulnerability is due to insufficient pointer validation of ONEP traffic processing. An attacker could exploit this vulnerability by sending a
crafted packet to the network element.

Conditions:
A network element configured for ONE-P processing.

Workaround:
Limit access to ONE-P process by using Control Plane Policing (CoPP) to define trusted sources and applications.

Further Problem Description:
You must be very careful about enabling the ONE-P feature on a network device. A non-secure implementation of ONE-P could provide the opportunity
for a malicious third party to gain control of a router or switch.

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.3/5.2:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:M/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE ID has been assigned to document this issue.

Additional details about the vulnerability described here can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5496

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
11-AUG-2015
Known Affected Releases:
6.0(2)U1(1), 6.0(2)U1(2)
Known Fixed Releases: *
15.1(1)ICA4.122, 15.2(1)IC273.5, 15.2(2.4.11)EA, 15.2(4.0)ST, 15.2(4.0.64a)E, 15.2(5.0)ST, 15.3(3)M1, 15.3(3)S0.8, 15.3(3)S1, 15.3(3)S2
Alert Type:
New
Bug Id:
CSCuu09304
Title:
N3500 may drop multicast packet intermittently in certain topology
Status:
Fixed
Severity:
2 Severe
Description:

Symptom:
A couple of multicast packets are dropped at random times.

Conditions:
The N3500 receives multicast traffic that it needs to L2 switch, while the same traffic can also be received from another interface on a different VLAN.

Workaround:
The device encountering packet loss should not be allowed to receive the same stream where one copy can be L2 switched and the other L3 switched.

This corner case topology issue is fixed in the latest code.

Further Problem Description:

Last Modified:
29-AUG-2015
Known Affected Releases:
6.0(2)A4(1)
Known Fixed Releases:
6.0(2)A4(5.56), 6.0(2)A4(6), 6.0(2)A6(2.31), 6.0(2)A6(2.55), 6.0(2)A6(3), 6.0(2)U4(4.56), 6.0(2)U4(5), 6.0(2)U6(1.31), 6.0(2)U6(1.55), 6.0(2)U6(2)
Alert Type:
Updated *
Bug Id:
CSCuu06246
Title:
Cisco Nexus 3000 Vulnerability cmd injection via DHCP offer options
Status:
Fixed
Severity:
2 Severe
Description:

Symptom:
Command injection via DHCP offer options used with PowerOn Auto Provisioning (POAP)

Conditions:
NX-OS Switch would have to be in a state where POAP is initiated, and if
an attacker can either:

A) Inject their own DHCP server and respond to the POAP DHCP request with
crafted DHCP options.
B) Compromise an existing DHCP server, and craft the specific DHCP
options.

Then during the POAP process, when the crafted DHCP options are processed
arbitrary commands on the system could be executed in the context of root
user.

Note this issue only occurs during the POAP DHCP boot process.

Workaround:
None.

Further Problem Description:
None.

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/5.9:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:A/AC:H/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C&version=2.0
CVE ID CVE-2015-0658 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
27-AUG-2015
Known Affected Releases:
5.0(3)U5(1h), 6.0(2)U4(1), 6.0(2)U5(1)
Known Fixed Releases: *
6.0(2)A6(3), 6.0(2)U6(1.33), 6.0(2)U6(2)
Alert Type:
Updated *
Bug Id:
CSCut70482
Title:
bcm_usd may crash on fast-reload and abort upgrade
Status:
Fixed
Severity:
2 Severe
Description:

Symptom:
bcm_usd may crash on fast-reload and abort upgrade

Conditions:
When a hardware parity error is encountered.

Workaround:
Disable parity interrupts to prevent running into the condition.

CLIs to Enable/disable these interrupts.

test hardware internal bcm-usd bcm-diag-shell intr disable memfail <-disable interrupts
memscan i=300000000 Rate=0 <-Disable memscan
exit
sleep 5 continue with previous workflow (fast-reload cli...)

If for some reason fast reload had to be aborted, re-enable these two interrupts:

test hardware internal bcm-usd bcm-diag-shell intr enable memfail <- Enable interrupts
memscan i=10000000 rate=4096 on <- Enable Memscan
exit



Sample outputs:

Interrupt disable case:

bcm-shell.0> intr disable memfail
Disabled with mask 0x10000000. Mask was 0x10538010
bcm-shell.0> memscan i=300000000 Rate=0
MemSCAN: Started on unit 0
bcm-shell.0> memscan
MemSCAN: Running on unit 0
MemSCAN: Interval: 300000000 usec
MemSCAN: Rate: 0

Interrupt enable case:

bcm-shell.0> intr enable memfail
Enabled with mask 0x10000000. Mask was 0x00538010
bcm-shell.0> memscan i=10000000 rate=4096 on
MemSCAN: Started on unit 0
bcm-shell.0> memscan
MemSCAN: Running on unit 0
MemSCAN: Interval: 10000000 usec
MemSCAN: Rate: 4096

Further Problem Description:

Last Modified:
28-AUG-2015
Known Affected Releases:
6.0(2)U2(4.92.4Z), 6.0(2)U2(9.99)
Known Fixed Releases: *
6.0(2)U3(7.102), 6.0(2)U3(7.96), 6.0(2)U3(8), 7.0(3)I2(0.590), 7.0(3)I2(0.591), 7.0(3)I2(1)
Alert Type:
Updated *
Bug Id:
CSCuh57633
Title:
Login credential not workin when file is copied as startupconfig
Status: *
Open
Severity:
2 Severe
Description:

Symptom:
Local credential does not work after a N3K is reloaded.

Steps to reproduce the problem:
1. Use the copy command to copy a configuration file to the startup config (i.e. copy startup-config).
2. Reload the switch. The local credential does not work anymore.

Conditions:

Workaround:
None

Further Problem Description:

Last Modified:
25-AUG-2015
Known Affected Releases:
6.0(2)U1(1a), 6.0(2)U1(3), 6.0(2)U2(1)
Known Fixed Releases:
6.0(2)U1(3)
Alert Type:
Updated *
Bug Id:
CSCut76803
Title:
GLDN: syslogd hap reset seen while executing fast-reload in a loop
Status:
Fixed
Severity:
2 Severe
Description:

Symptom:
Nexus 3000 may experience a syslogd hap reset after a reload.

Conditions:
The syslogd core has only been reported after a reload/upgrade.

Workaround:
Unknown at this time.

Further Problem Description:

Last Modified:
24-AUG-2015
Known Affected Releases:
6.0(2)U3(5.95)
Known Fixed Releases: *
6.0(2)A6(4), 6.0(2)U3(7.99), 6.0(2)U3(8), 6.0(2)U6(1.72), 6.0(2)U6(2)
Alert Type:
New
Bug Id:
CSCuq05010
Title:
Nexus 3100: QSFP-40G-SR-BD V01 Generates TX-LOS after Multiple Reloads
Status:
Open
Severity:
2 Severe
Description:

Symptom:
Optical link does not come up after switch reload.

Conditions:
- QSFP-40G-SR-BD V01 (serial number up to and including AVM1813xxxx)
- Multiple reloads

Workaround:
Two workarounds are available on this platform:
- Reseat QSFP
- Reload switch

Further Problem Description:
This is an intermittent issue with a very low failure rate; the field failure rate is less than 0.01%.

Issue is not seen in QSFP-40G-SR-BD V02.

Related bug for Nexus 7000: CSCuo76571

Last Modified:
29-AUG-2015
Known Affected Releases:
6.0(2)U3(2.61)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCuf36771
Title:
N3k-OF:Vlan ID is removed when packets are punted to controller
Status:
Fixed
Severity:
2 Severe
Description:

Symptom:
When the Datapath Service Set is asked to provide Layer-2 frames to its client, the frames will be missing any 802.1Q or QinQ header that may have originally been on the frame.

This in turn affects any OpenFlow packets sent to the controller, preventing the controller from properly performing reactive-mode learning switch or similar operations.

Conditions:
When 802.1q tagged packets need to be diverted via the OneP Datapath Service Set to a client, including to an OpenFlow controller by way of the Cisco Plug-in for OpenFlow Agent.

Workaround:
No known workarounds.

Further Problem Description:

Last Modified:
21-AUG-2015
Known Affected Releases:
6.0(2)U3(0.728)
Known Fixed Releases: *
15.2(4.0)ST, 15.2(4.0.21)E, 15.2(4.0.64a)E, 15.2(5.0)ST, 6.0(2)A4(1), 6.0(2)U4(1), 7.0(0)FHS(0.23), 7.0(0)KMS(0.12), 7.1(0)ES(0.10), 7.1(0)ES(0.11)
Alert Type:
Updated *
Bug Id:
CSCtr61490
Title:
ACL leak if "remark" is added to ACL
Status:
Fixed
Severity:
2 Severe
Description: *

Summary
A vulnerability exists in Cisco Nexus 5000 and 3000 Series Switches that may allow traffic to bypass deny statements in access control lists
(ACLs) that are configured on the device.

Cisco has released free software updates that address this vulnerability.

A workaround is available to mitigate this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110907-nexus.shtml

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.1:

http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C&version=2.0

CVE ID CVE-2011-2581 has been assigned to document this issue.

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
06-AUG-2015
Known Affected Releases:
5.0(3)U2(1)
Known Fixed Releases:
5.0(3)U1(2a)
Alert Type:
New
Bug Id:
CSCup29172
Title:
Nexus31xx: Known unicast flooding after link flaps or STP TCNs
Status:
Fixed
Severity:
2 Severe
Description:

Symptom:
Nexus 3100 switches flood traffic destined to learned MAC addresses. This issue could occur for traffic in VLANs or VxLANs.

Conditions:
Nexus 3100 switches running any release earlier than 6.0(2)U4(1) or 6.0(2)A4(1).
This issue is normally seen after link flap(s) or Spanning-tree Topology Change Notifications (TCNs).

Workaround:
Clear the MAC address entry using the "clear mac address-table dynamic" command.

To fix the issue, upgrade to 6.0(2)U4(1)/6.0(2)A4(1) or later releases.
More Info:
Minimum and Recommended Cisco NX-OS Releases for Cisco Nexus 3000, 3100, and 3500 Series Switches:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/recommended_release/b_Minimum_and_Recommended_Cisco_NX-OS_Releases_for_Cisco_Nexus_3000_Series_Switches.html



Last Modified:
20-AUG-2015
Known Affected Releases:
6.0(2)U3(1.51)
Known Fixed Releases:
6.0(2)A4(0.760), 6.0(2)A4(1), 6.0(2)U4(0.760), 6.0(2)U4(1)
Alert Type:
Updated *
Bug Id:
CSCtr10146
Title:
N3K - ospfv2 memory leak when receiving specific malformed packets
Status:
Fixed
Severity:
2 Severe
Description: *

Symptoms:
The OSPF process leaks memory when receiving a specially crafted packet.

Conditions:
This issue may occur when the switch processes a malformed packet.

Workaround:
None.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.3/3.6:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2011-2539 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
06-AUG-2015
Known Affected Releases:
5.0(3)U1(1d)
Known Fixed Releases:
5.0(3)U1(2)
Alert Type:
New
Bug Id:
CSCuv60679
Title:
S,G Does not form for Non Directly Connected source with mroute command
Status:
Fixed
Severity:
2 Severe
Description:

Symptom:
S,G does not form for a non-directly-connected source even with the ip mroute command configured.

Conditions:
This issue is seen only if the same switch needs to act as both FHR (due to the ip mroute command) and RP.

Workaround:
Keep RP on different switch.

Further Problem Description:
We have already fixed this issue using current bug id.

Last Modified:
20-AUG-2015
Known Affected Releases:
6.0(2)U5(3.55)
Known Fixed Releases:
6.0(2)A5(3.56), 6.0(2)A5(4), 6.0(2)A6(3.95), 6.0(2)A6(4), 6.0(2)A7(0.196), 6.0(2)A7(1), 6.0(2)U5(3.56), 6.0(2)U5(4), 6.0(2)U6(1.95), 6.0(2)U6(2)
Alert Type:
Updated *
Bug Id:
CSCua68258
Title:
SYSRET 64-bit operating system privilege escalation
Status:
Terminated
Severity:
2 Severe
Description: *

Symptoms:
On June 12, 2012, US CERT published VU 649219 addressing a local privilege escalation vulnerability in several 64-bit operating systems and virtualization software running on Intel CPU hardware. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.

Link to VU: http://www.kb.cert.org/vuls/id/649219

Intel claims that this vulnerability is a software implementation issue, as their processors are functioning as per their documented specifications. However, software that fails to take the Intel-specific SYSRET behavior into account may be vulnerable.

CVE-2012-0217 and CVE-2006-0744 have been issued to document this issue in the industry.

This bug has been filed to investigate and track this issue in this product.

Conditions:
This issue has not been confirmed to be exploitable in this product. However, this is a locally exploitable vulnerability and a valid user must be authenticated before he/she can exploit this issue.

Workaround:
None.

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.6/6.3:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:M/Au:S/C:C/I:C/A:C/E:F/RL:U/RC:C&version=2.0

CVE IDs CVE-2012-0217 and CVE-2006-0744 have been assigned to document this issue.

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
06-AUG-2015
Known Affected Releases:
9.5(1)N1(7.8)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCur83153
Title:
NDB may stop working unexpectedly
Status:
Fixed
Severity:
2 Severe
Description:

Symptom:
After some time of normal operation, Nexus Data Broker (NDB) is suddenly no longer reachable
through the GUI.

Openflow switches using the underlying XNC as controller report a connection failure to the
controller. For example:

2014 Nov 9 05:06:22 switch01 %VMAN-5-VIRT_INST_NOTICE: VIRTUAL SERVICE
ofa_ndbemb LOG: OVS: sw1<->tcp:10.0.0.1:6653%management: no response to
inactivity probe after 5 seconds, disconnecting

2014 Nov 9 05:06:22 switch01 %VMAN-5-VIRT_INST_NOTICE: VIRTUAL SERVICE
ofa_ndbemb LOG: OVS: sw1<->tcp:10.0.0.1:6653%management: connection failed
(Connection reset by peer)

Conditions:
This has been observed on NDB 2.0 running embedded on a Nexus 3548 running NXOS 6.0(2)A4(1)
It is not confirmed at this time whether or not other versions or other platforms are affected.

Workaround:
Restart the NDB service:
conf t
onep
virtual-service ofa_ndb
no activate
activate
exit

Please note: unsaved changes in NDB will be lost.

Further Problem Description:
This defect only affects the working of the controller and the NDB application, it does not
affect the flows created by the controller, except flows that were created but not saved.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.3/3.7:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:TF/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
04-AUG-2015
Known Affected Releases:
6.0(2)U4(0.41)
Known Fixed Releases: *
6.0(2)A4(5.47), 6.0(2)A4(6), 6.0(2)A6(0.17), 6.0(2)A6(1), 6.0(2)U4(4.47), 6.0(2)U4(5), 6.0(2)U6(0.17), 6.0(2)U6(1), 7.0(0)BZ(0.46), 7.0(0)HSK(0.357)
Alert Type:
New
Bug Id:
CSCuv73666
Title:
Change in UTC offset when N3548 lost its Primary Grandmaster clock
Status:
Fixed
Severity:
2 Severe
Description:

Symptom:
When N3548 becomes Grandmaster in any case, the UTC offset is transmitted from N3548 as a hardcoded 35 [UTC offset till June 30 2015]. Hence all PTP clients have to make a time adjustment of 500 milliseconds when the Cisco device becomes the GM.

Conditions:
When GM [through GPS] is not available, N3548 will GM till the best master is available.

Workaround:
No workaround available

Further Problem Description:
N3548 does not save the UTC offset received from best master. The UTC offset can be reused by N3548 if the UTC offset from last known best master could be saved. Due to this, UTC offset fluctuates when the GM is unavailable for any reason and N3548 takes over as grand master.

Last Modified:
19-AUG-2015
Known Affected Releases:
6.0(2)A6(3.100)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCut97806
Title:
1G link not up in QI2-CR with autoneg enabled.
Status:
Fixed
Severity:
2 Severe
Description:

Symptom:
1G ports do not link up between Nexus 3172PQ and other peers.

Conditions:
When Nexus 3172 is configured in 48x10G+6x40G portmode

Workaround:
Two options:
a) Configure portmode as 48x10g+breakout6x40g. In this mode, 1G ports do not have this issue. Also the last QSFP ports will work in 40G mode.
b) Disable auto-negotiation (AN) on the affected interface using "no negotiate auto" in interface configuration mode. Note that this command will fail while the interface is assigned to a port-channel. Procedure in this case is to first remove the "channel-group" command, then add the "no negotiate auto" and then re-apply the "channel-group".

Further Problem Description:

Last Modified:
27-AUG-2015
Known Affected Releases:
6.0(2)U6(1)
Known Fixed Releases: *
6.0(2)A6(3), 6.0(2)U6(2)
Alert Type:
Updated *
Bug Id:
CSCuv69723
Title:
Cisco NX-OS IGMP Malformed Packet DoS Vulnerability
Status:
Open
Severity:
2 Severe
Description: *

Symptoms:
A vulnerability in the Internet Group Management Protocol (IGMP) Version 3 (IGMPv3) input
packet processing of the Nexus Operating System (NX-OS) could allow an unauthenticated,
adjacent attacker to cause the IGMP process to restart due to a malformed IGMP packet.
This can cause a denial of service (DoS) condition on the device.

The vulnerability is due to improper input validation when ensuring that the memory allocated
is large enough for the number of included sources in the IGMPv3 packet. An attacker could
exploit this vulnerability by sending a crafted IGMPv3 packet to the device. An exploit could
allow the attacker to cause the IGMP process to restart due to a buffer overflow which causes
the DoS condition. If the malformed IGMPv3 packet is continuously sent to the device, the DoS
condition will remain and the device will be unavailable.

Conditions:
IGMP Version 3 snooping is configured on one or more Virtual Local Area Networks (VLANs).

Workaround:
The IGMP Version 3 snooping configuration has to be removed.

Further Problem Description:
None.

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.1/5.8:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:A/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2015-4324 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
14-AUG-2015
Known Affected Releases:
7.3(0)ZN(0.81)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCuu78074
Title:
Cisco Nexus 3000 ARP Denial of Service (DoS) Vulnerability
Status:
Fixed
Severity:
2 Severe
Description: *

Symptoms:
A vulnerability in the Address Resolution Protocol (ARP) input packet
processing of the Cisco Nexus Operating System (NX-OS) devices could allow an
unauthenticated, adjacent attacker to cause a denial of service (DoS)
condition.

The vulnerability is due to improper input validation of the ARP packet and
the Maximum Transmission Unit (MTU) size which results in a buffer overflow
which can cause the DoS condition. An attacker could exploit this vulnerability
by sending a crafted ARP packet to the device. An exploit could allow the attacker
to cause the device to be unavailable due to a DoS condition of the ARP module.

Conditions:
Device running with default configuration running an affected version of software.

Workaround:
The MTU size should be configured lower.

Further Problem Description:
None.

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.1/5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:A/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2015-4323 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
14-AUG-2015
Known Affected Releases:
7.0(3)I2(0.373)
Known Fixed Releases:
7.0(3)I2(0.377), 7.0(3)I2(1), 8.3(0)CV(0.72)
Alert Type:
Updated *
Bug Id:
CSCut89022
Title:
FR upgrade from FP to ICARIA2 does not get XCVR info
Status:
Fixed
Severity:
2 Severe
Description:

Symptom:
After fastreload, port goes to 'SFP not Inserted' after FR upgrade from FP to ICARIA2 on 3132*

Conditions:
Fast reload upgrade from 6.0(2)U3*, 6.0(2)U4* to 6.0(2)U5* or 6.0(2)U6*

Workaround:
Do an install-all upgrade.

Further Problem Description:

Last Modified:
27-AUG-2015
Known Affected Releases:
6.0(2)U6(1)
Known Fixed Releases: *
6.0(2)A6(3), 6.0(2)U6(1.43), 6.0(2)U6(2), 6.0(2)U7(0.168), 6.0(2)U7(0.169), 6.0(2)U7(1)
Alert Type:
New
Bug Id:
CSCuv38309
Title:
N3k: New syslog to print tcam usage in ALPM mode
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
New Requirement to have new syslog for Host table exhaustion for IPv4 and IPv6.

Conditions:
Syslog for Host table exhaustion for IPv4 and IPv6

Workaround:
None

Further Problem Description:
The final 'new syslog' with CLI knob has been added with DDTS CSCuv58031

Last Modified:
27-AUG-2015
Known Affected Releases:
6.0(2)U5(1)
Known Fixed Releases:
6.0(2)A5(3.52), 6.0(2)A5(4), 6.0(2)A6(3.89), 6.0(2)A6(4), 6.0(2)U5(3.52), 6.0(2)U5(4), 6.0(2)U6(1.89), 6.0(2)U6(2)
Alert Type:
New
Bug Id:
CSCuv95538
Title:
N3K AFM memory leak in libglib-2.0.so.0.1600.3
Status:
Open
Severity:
3 Moderate
Description:

Symptom:
AFM service hap reset due to a memory leak

Conditions:
This has been seen on N3K platform running 6.0(2)A6(3) code.


show platform afm mem-stats detail

154 [r-xp]/lib/libc-2.8.so 10151 10153 985546 1220292
157 [r-xp]/lib/libglib-2.0.so.0.1600.3 210512 210684 63038322 63079362
--------------------------------------------------------------------------------
Total bytes: 64320620 (62813k)

--------------------------------------------------------------------------------
Total bytes: 455700 (445k)
--------------------------------------------------------------------------------
Grand total bytes: 89982801 (87873k)
LHC-JPM-EMM-ASN-P01# show process memory | i afm
3691 241053696 565047718 1400832 287354880 58527744 fff86900/ffffffff afm

Workaround:
Not Known

Further Problem Description:

Last Modified:
27-AUG-2015
Known Affected Releases:
6.0(2)A4(5)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCut88214
Title:
Nexus 3172 forwards both copies of IP redirect frames
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
A Nexus 3100 series switch is not able to suppress the software forwarded copies of IP redirected packets. This results in duplicate packets being forwarded to the intended host. This has been observed only on the Nexus 3100 series platform and works fine on the Nexus 3500 series

Conditions:
a) IP redirects enabled on the interface which is routing packet.
b) Incoming and outgoing interface of routed packet needs to be the same for the redirect configuration to take effect.

Workaround:
There are two workarounds.
a) Configure no ip redirects under the interface
OR
b) Configure peer-gateway if the switches are set up as VPC

Further Problem Description:

Last Modified:
26-AUG-2015
Known Affected Releases:
6.0(2)U4(1), 6.0(2)U5(1), 6.0(2)U6(1)
Known Fixed Releases: *
7.0(3)I2(0.453), 7.0(3)I2(1), 8.3(0)CV(0.123)
Alert Type:
Updated *
Bug Id:
CSCuu82362
Title:
Evaluation of Nexus 3000 and Nexus 3500 for OpenSSL June 2015
Status:
Open
Severity:
3 Moderate
Description: *


Symptom:

This product includes a version of OpenSSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2014-8176

This bug has been opened to address the potential impact on this product.


Conditions:

Device configured with features that leverage SSL/TLS


Workaround:

Not available.


More Info:




PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the
time of evaluation are: 7.8/6.4

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html


Last Modified:
26-AUG-2015
Known Affected Releases:
6.0(2)U5(1)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCuv24760
Title:
Service "fs-daemon" (PID 4259) hasn't caught signal 6 (core will be save
Status:
Open
Severity:
3 Moderate
Description: *

Symptom:
fs-daemon process may restart unexpectedly.

Conditions:
unknown

Workaround:
Unknown

Further Problem Description:

Last Modified:
25-AUG-2015
Known Affected Releases:
5.0(3)U3(1)
Known Fixed Releases:
Alert Type:
New
Bug Id:
CSCuv89462
Title:
ACE with ttl extn not displayed in running config
Status:
Open
Severity:
3 Moderate
Description:

Symptom:
ACE with ttl does not show up in the running config.

Conditions:
Any Access-list with TTL extn

Workaround:
none

Further Problem Description:

Last Modified:
22-AUG-2015
Known Affected Releases:
6.0(2)U6(1)
Known Fixed Releases:
Alert Type:
New
Bug Id:
CSCuv69891
Title:
Nexus 3000 Fiji My station tcam corrupt
Status:
Open
Severity:
3 Moderate
Description:

Symptom:
packet loss

Conditions:

Workaround:
Bounce peer gateway

Further Problem Description:

Last Modified:
20-AUG-2015
Known Affected Releases:
6.0(2)U2(9.99)
Known Fixed Releases:
Alert Type:
New
Bug Id:
CSCuv67133
Title:
Interface config wipeout failed on defaulting tunnel interface with desc
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
When a tunnel interface that has a description configured is defaulted using the "default interface tunnel " command, the operation fails.

"show run interface tunnel " would still show description configured.

Conditions:
Applicable for Tunnel interface and description must have been configured

Workaround:
Go to interface config mode for the same tunnel interface and manually enter "no description" as a workaround.

Further Problem Description:

Last Modified:
20-AUG-2015
Known Affected Releases:
7.0(3)I2(0.530)
Known Fixed Releases:
7.0(3)I2(0.539), 7.0(3)I2(1)
Alert Type:
New
Bug Id:
CSCuv65211
Title:
"copy file start" reload incorrectly loads version in file boot variable
Status:
Terminated
Severity:
3 Moderate
Description:

Symptom:
When executing a "copy file start" + regular reload, the device incorrectly loads the version specified in the file's boot variables. It should boot the current version.

Conditions:
When executing a "copy file start" + regular reload, the device incorrectly loads the version specified in the file's boot variables. It should boot the current version.

Workaround:
Make sure config file specifies the correct boot variables of the version you would like to run.

Further Problem Description:

Last Modified:
19-AUG-2015
Known Affected Releases:
6.0(2)U6(1), 6.0(2)U6(1.94), 7.0(3)I2(0.527)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCut02440
Title:
When N3500 is GM, PTP Announce comes with utc_reasonable flag set to F
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
When a Nexus 3500 is Grandmaster, the utc_reasonable flag in the ptp announce message is set to false.

In a design with active and standby GM clocks, if the active GM fails, the Nexus may become GM for a short while until the standby takes over. Because the Nexus doesn't set the utc_reasonable flag, the clock on the slave PTP devices will jump by utc_offset (35 sec).

Conditions:

Workaround:

Further Problem Description:

Last Modified:
19-AUG-2015
Known Affected Releases:
6.0(2)A1(1c), 6.0(2)A4(4)
Known Fixed Releases: *
6.0(2)A4(5.47), 6.0(2)A4(6), 6.0(2)A6(1.127), 6.0(2)A6(2), 6.0(2)U4(4.47), 6.0(2)U4(5), 6.0(2)U6(0.127), 6.0(2)U6(1), 7.0(3)I2(0.569), 7.0(3)I2(1)
Alert Type:
Updated *
Bug Id:
CSCuv08443
Title:
Cisco Nexus 3000 VDC Authenticated Privilege Escalation Vulnerability
Status:
Open
Severity:
3 Moderate
Description: *

Symptoms:
A vulnerability in Command Line Interface (CLI) parser of the Cisco Nexus Operating
System (NX-OS) devices could allow an authenticated, local attacker to perform a
privilege escalation at the CLI.

The vulnerability is due to improper input validation of special characters within
filenames. An attacker could exploit this vulnerability by authenticating at the local
shell and writing a file to disk with certain special characters. The attacker could then
use that file with other CLI commands to obtain a shell prompt at their current
privilege level. An exploit could allow the attacker to read/write files and perform
other privileged commands.

Conditions:
Device running with default configuration running an affected version of
software.

Workaround:
The user has to be authenticated, so take care to distribute "admin"
credentials only to trusted sources.

Further Problem Description:

Credit:
Cisco would like to thank Jens Krabbenhoeft for discovering and reporting this vulnerability.

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are
4.3/4.1:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:P/I:P/A:P/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2015-4237 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
11-AUG-2015
Known Affected Releases:
7.2(0)ZZ(99.1)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCul23419
Title:
Cisco NX-OS Arbitrary File Read Vulnerability
Status:
Fixed
Severity:
3 Moderate
Description: *

Summary
Cisco NX-OS software contains a directory traversal vulnerability within the command line interface that could allow a local, authenticated
attacker to disclose the contents of arbitrary files on the affected device. An attacker could leverage the NX-OS ''copy'' command to duplicate
the contents of arbitrary files on the device to a user writable area of the filesystem. As the new file will be owned by the authenticated
user, the attacker will be able to view the contents.

This vulnerability affects the following platforms which are based on Cisco NX-OS:
Cisco Nexus 7000
Cisco MDS 9000
Cisco Nexus 6000
Cisco Nexus 5500
Cisco Nexus 5000
Cisco Nexus 4000
Cisco Nexus 3500
Cisco Nexus 3000
Cisco Nexus 1000V
Cisco Connected Grid Router 1000 Series
Cisco Unified Computing System Fabric Interconnect 6200
Cisco Unified Computing System Fabric Interconnect 6100

Conditions
Device is running an affected version of Cisco NX-OS software; An authenticated user with the privileges to run the copy command.

Further Problem Description:
This issue was discovered during internal testing by Cisco.

PSIRT Evaluation:

The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are :
4.6/4.4
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:C/I:N/A:N/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2013-6975 has been assigned to document this issue.

Additional details about the vulnerability described here can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6975

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
11-AUG-2015
Known Affected Releases:
6.0(2)U2(1)
Known Fixed Releases:
7.0(3)I2(0.97), 7.0(3)I2(1)
Alert Type:
Updated *
Bug Id:
CSCuf66434
Title:
Onep error when trying to add an interface to the logical switch
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
Adding an interface to a Logical switch fails and the interface is put in link-down state

Conditions:
Happens after the interface with an acl configured is attempted to be added to the LS. Even after the interface is removed and the acl cleaned up, the subsequent adds fail.

Workaround:
Don't add an interface with an acl configured to the LS.

Last Modified:
11-AUG-2015
Known Affected Releases:
6.0(2)A1
Known Fixed Releases: *
15.1(1)ICA4.122, 15.2(1)IC273.5, 15.2(1.2.16)PI22, 15.2(2.4.11)EA, 15.2(2.6.89)EA, 15.2(4.0)ST, 15.2(4.0.64a)E, 15.2(5.0)ST, 15.3(2.13)T, 15.3(2.14.1)PIB23
Alert Type:
Updated *
Bug Id:
CSCuu75498
Title:
Cisco Nexus 3000 Message of the Day (MOTD) Telnet Login Vulnerability
Status:
Open
Severity:
3 Moderate
Description: *

Symptoms:
A vulnerability in Message of the Day (MOTD) or banner functionality of the NX-OS
operating system could allow an unauthenticated, remote attacker to cause the login
process to reset.

The vulnerability is due to the MOTD display handling when a certain type of terminal
session is requested via telnet. An attacker could exploit this vulnerability by repeatedly
issuing a telnet session to the NX-OS device and causing the login process to reset. An
exploit could allow the attacker to cause the login process of the NX-OS device to reset repeatedly.

Conditions:
Device running with default configuration running an affected version of software.

Workaround:
1. Do not use the ''$(line)'' nomenclature in the MOTD display text string with the Command Line
Interface (CLI) command ''banner motd <>''.

2. If using the Whatsup Gold (WUG) network monitoring tool, upgrade to version 16.2 or later.

Further Problem Description:
To protect the NX-OS switch from such a vulnerability the user can also limit who can telnet or ssh
into the switch by applying access list at the Virtual Terminal Line (VTY) level. For more information
please refer to:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/security/503_u1_1/b_Cisco_n3k_security_cg_503_u1_1/b_Cisco_n3k_security_cg_503_u1_1_chapter_0110.html

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.8:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2015-0775 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
11-AUG-2015
Known Affected Releases:
7.2(0)ZN(99.67)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCts10188
Title:
Integrate CSCtr44645 to Nexus 3K
Status:
Fixed
Severity:
3 Moderate
Description: *

Symptom:
Cisco Nexus OS contains a vulnerability that could allow an authenticated,
local attacker to execute arbitrary commands on a targeted device. The
vulnerability is due to improper sanitization of user-supplied values to
command line interface commands.

An authenticated, local attacker could exploit the vulnerability by issuing
commands that contain malicious options on the device command line interface.
If successful, the attacker could gain elevated privileges on the targeted device.

Conditions:

Injection can be done via either the less or the section sub command. Full
details below:

----------------------------------------------------------------------
NX-OS - "less" sub-command - Command injection / sanitization issues.
----------------------------------------------------------------------

Affected Products:
==================

The following products are affected by this vulnerability:

+-----------------------------------------------------------------+
| Affected Product | Cisco Bug | First Fixed |
| | ID | Release |
|-----------------------------------+------------+----------------|
| Cisco Nexus 7000 Series Switches | CSCtf40008 | 4.2(6) |
| | | 5.1(1) |
|-----------------------------------+------------+----------------|
| Cisco Nexus 5000 Series Switches | CSCtf40008 | 4.2(1)N2(1) |
|-----------------------------------+------------+----------------|
| Cisco Nexus 2000 Series Switches | CSCtf40008 | 4.1(1)N2(1) |
|-----------------------------------+------------+----------------|
| Cisco Nexus 1000V Series Switches | CSCtf40008 | 4.2(1)SV1(5.1) |
|-----------------------------------+------------+----------------|
| Cisco MDS 9000 Software | CSCtf40008 | 4.2(6) |
| | | 5.1(1) |
|-----------------------------------+------------+----------------|
| Cisco Unified Computing System | CSCtg18363 | 1.3(1c) |
| | | 1.4(1i) |
+-----------------------------------------------------------------+

The following are not affected by the "less" sub-command - command injection
vulnerability.

* Cisco Nexus 3000 Series Switches
* Cisco Nexus 4000 Series Switches

-------------------------------------------------------------------------
NX-OS - "section" sub-command - Command injection / sanitization issues.
-------------------------------------------------------------------------

Affected Products:
==================

The following products are affected by this vulnerability:

+--------------------------------------------------------------+
| Affected Product | Cisco Bug | First Fixed |
| | ID | Release |
|-----------------------------------+------------+-------------|
| Cisco Nexus 7000 Series Switches | CSCtr44645 | 5.2(1) |
|-----------------------------------+------------+-------------|
| Cisco Nexus 5000 Series Switches | CSCtr44645 | 5.1(3)N1(1) |
|-----------------------------------+------------+-------------|
| Cisco Nexus 3000 Se

Last Modified:
06-AUG-2015
Known Affected Releases:
5.0(3)U1(1)
Known Fixed Releases:
5.0(3)U2(1)
Alert Type:
Updated *
Bug Id:
CSCty07273
Title:
Hidden 'filesys delete' command does not properly restrict input
Status:
Other
Severity:
3 Moderate
Description: *

Symptom:
Cisco NX-OS software contains a directory traversal vulnerability within the command line interface that could allow a local, authenticated
attacker to delete arbitrary files on the affected device. An attacker could leverage the NX-OS "filesys delete" command to delete arbitrary
files on the device.

This vulnerability affects the following platforms which are based on Cisco NX-OS:
Cisco Nexus 7000
Cisco MDS 9000
Cisco Nexus 6000
Cisco Nexus 5500
Cisco Nexus 5000
Cisco Nexus 4000
Cisco Nexus 3500
Cisco Nexus 3000
Cisco Nexus 1000V
Cisco Connected Grid Router 1000 Series
Cisco Unified Computing System Fabric Interconnect 6200
Cisco Unified Computing System Fabric Interconnect 6100

Conditions:
Device is running an affected version of Cisco NX-OS software.

Workaround:
Restrict access to trusted users.

Further Problem Description:
This issue was discovered during internal testing by Cisco.

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are :
4.6/4.4
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:N/I:C/A:N/E:F/RL:U/RC:C&version=2.0

CVE ID CVE-2012-4135 has been assigned to document this issue.

Additional details about the vulnerability described here can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4135

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html


Last Modified:
06-AUG-2015
Known Affected Releases:
5.0(3)U1(2)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCtx83731
Title:
CDP memory leak on repeated TLVs
Status:
Fixed
Severity:
3 Moderate
Description: *

Symptoms:
Cisco Nexus 1000, 3000, 4000, 5000, and 7000 switches may leak memory when processing malformed Cisco Discovery Protocol (CDP) packets; this can lead to an eventual reload of the switch. An adjacent attacker with the ability to submit malformed CDP traffic to an affected device could cause a denial of service condition while the device reloads or fails over to a redundant Supervisor card if so equipped.

Conditions:
Cisco Nexus Switches running an affected version of NX-OS.

Workaround:
Disable CDP on the affected device; the CDP protocol is enabled by default.

NX-OS:
no cdp enable


Further Problem Description:
This issue was identified through internal hardening efforts on the NX-OS platform.

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.7/4.8:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:A/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:C&version=2.0

CVE ID CVE-2012-1323 has been assigned to document this issue.

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
06-AUG-2015
Known Affected Releases:
5.0(3)U2(2b)
Known Fixed Releases:
5.0(3)U4(1)
Alert Type:
Updated *
Bug Id:
CSCtu10584
Title:
CDP memory leak on device id
Status:
Fixed
Severity:
3 Moderate
Description: *

Symptoms:
Cisco Nexus devices contain a memory leak vulnerability. An unauthenticated, adjacent attacker can trigger a 1 byte memory leak by submitting a
maliciously crafted CDP packet to the affected device.

Conditions:
Cisco Nexus devices running an affected version of NX-OS Software.

Workaround:
If CDP is not required, disabling it is an effective mitigation for this issue.

Further Problem Description:
This issue was identified during an internal security audit of Cisco Nexus and related devices.

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.3/2.7:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:A/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0

No CVE ID has been assigned to this issue.

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
06-AUG-2015
Known Affected Releases:
5.0(3)U2(1)
Known Fixed Releases:
5.0(3)U3(1)
Alert Type:
Updated *
Bug Id:
CSCul90560
Title:
Provide more options if N3500 shuts down all interfaces
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
This is not a bug. This is an enhancement to request a new feature in N3500.

After CSCui89328, there is a chance that the N3500 shuts down all interfaces in the following cases:
1. There are 10 parity errors in the same RPM block (the MAC table has 20 RPM blocks)
2. There are concurrent parity errors in the same RPM block

In a typical vPC implementation, the mgmt interface is used for vPC keepalives. If the N3500 is the vPC primary switch and shuts down all interfaces due to a MAC table parity error, it will cause a major problem because all vPCs on the secondary switch will be suspended.

This bug requests a new command to allow the customer to control the desired behavior when the N3500 shuts down all ports due to a MAC table parity error. Some examples are:
1. Shut down the mgmt interface
2. Log an error message and reload the switch

Conditions:
This bug affects software versions up to 6.0(2)A1(1c)

Workaround:
None

Further Problem Description:

Last Modified:
06-AUG-2015
Known Affected Releases:
6.0(2)A1(1c)
Known Fixed Releases: *
6.0(2)A4(5.59), 6.0(2)A4(5.60), 6.0(2)A4(5.61), 6.0(2)A4(5.63), 6.0(2)A4(5.65), 6.0(2)A4(5.66), 6.0(2)A4(5.67), 6.0(2)A4(5.68), 6.0(2)A4(5.72), 6.0(2)A4(6)
Alert Type:
Updated *
Bug Id:
CSCtu10567
Title:
CDP memory leak on port id
Status:
Fixed
Severity:
3 Moderate
Description: *

Symptoms:
Cisco Nexus devices contain a memory leak vulnerability. An unauthenticated, adjacent attacker can trigger a 1 byte memory leak by submitting a maliciously crafted CDP packet to the affected device.

Conditions:
Cisco Nexus devices running an affected version of NX-OS Software.

Workaround:
If CDP is not required, disabling it is an effective mitigation for this issue.

Further Problem Description:
This issue was identified during an internal security audit of Cisco Nexus and related devices.

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.3/2.7:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:A/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0

No CVE ID has been assigned to this issue.

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
06-AUG-2015
Known Affected Releases:
5.0(3)U2(1)
Known Fixed Releases:
5.0(3)U3(1)
Alert Type:
Updated *
Bug Id:
CSCua39147
Title:
Command injection with SSH keypair functionality
Status:
Terminated
Severity:
3 Moderate
Description: *

Symptoms:
Cisco Nexus devices contain a local command injection vulnerability within the SSH key generation configuration commands of the CLI. An authenticated, local attacker could inject commands that are subsequently executed on the underlying operating system with elevated privileges.

The vulnerability exists due to a failure to properly sanitize all user supplied input prior to using it to execute commands on the underlying operating system. An attacker with administrative level privileges on an affected device could inject arbitrary commands that are then executed on the underlying operating system with elevated privileges.

Conditions:
Cisco Nexus devices running an affected version of Cisco NX-OS software.

Workaround:
None.

Further Problem Description:
This vulnerability can only be exploited by an administrator with sufficient privileges to execute the affected commands.

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/6.5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:U/RC:C&version=2.0

CVE ID CVE-2012-4139 has been assigned to document this issue.

Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
06-AUG-2015
Known Affected Releases:
5.0(3)U2(2c)
Known Fixed Releases:
Alert Type:
New
Bug Id:
CSCue26728
Title:
N3k:chassis may be reloaded at nestack hap reset
Status:
Other
Severity:
3 Moderate
Description:

Symptom:
Crash during telnet. Same symptoms as CSCub69862

Conditions:
Netstack crash with telnet

Workaround:
none

Further Problem Description:

Last Modified:
29-AUG-2015
Known Affected Releases:
5.0(3)U1(1a)
Known Fixed Releases:
Alert Type:
New
Bug Id:
CSCuv68669
Title:
Slow-receiver feature cannot be applied on 1G interface
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
Applying "slow-receiver" on a 1G port generates the following error message:
"Multicast slow receiver configuration is supported only on 1G ports"

Conditions:
Applying hardware profile multicast slow-receiver port on a 1G interface

Workaround:
None

Further Problem Description:

Last Modified:
28-AUG-2015
Known Affected Releases:
6.0(2)A6(3.68)
Known Fixed Releases:
6.0(2)A6(3.101), 6.0(2)A6(4), 6.0(2)U6(1.101), 6.0(2)U6(2)
Alert Type:
New
Bug Id:
CSCuv97195
Title:
n3048 : cannot boot tftp or boot usb from loader prompt
Status:
Open
Severity:
3 Moderate
Description:

Symptom:
1. The n30xx platform fails to boot tftp: from the loader prompt unless a reboot command is executed from the loader prompt first.

2. The usb device is not recognized from the loader prompt.

Conditions:
Normal conditions.

Workaround:
1. Execute the reboot command from the loader prompt prior to the tftp. When the reboot completes and execution returns to the loader prompt, the boot tftp: command will be successful.

Last Modified:
28-AUG-2015
Known Affected Releases:
7.0(3)I2(0.585)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCut93953
Title:
Add POAP script verification and additional logging
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
POAP script verification and additional logging



1) The version number should be given in a comment at the beginning of the script, to help identify the version.

2) The image dst path and the system image path should point to the bootflash.

3) Both indent styles, tabs and spaces, are present (especially line 238); a PEP-8 standard check could be done. This can cause issues.

4) The SCP protocol is hardcoded; customers who prefer TFTP will need to change it manually. Provide a variable to select SCP, TFTP, or other supported protocols.

5) Enable logging when calling each method.

6) A stack trace should be printed if the script fails (exception handling); dump the stack on the console.

7) Add support for the open source Pylint package, a static analysis tool to help check the Python script for errors.

8) Comments could be added at the top of the script with step-by-step instructions and best practice recommendations.

9) The md5sum update is not working. Add detailed logging to point out the broken piece.

10) Organize the variables (config, path, location, etc.) at the top so an end user only sets the variables. This way not many script changes are needed.

Conditions:

Workaround:
N/A

Further Problem Description:

Last Modified:
27-AUG-2015
Known Affected Releases:
6.0(2)U3(5.95), 6.0(2)U5(1)
Known Fixed Releases: *
6.0(2)A6(3), 6.0(2)U6(1.48), 6.0(2)U6(2)
Alert Type:
Updated *
Bug Id:
CSCut79953
Title:
Copy to HTTP server returns HTML response from HTTP server to cli
Status:
Fixed
Severity:
4 Minor
Description:

Symptom:
When copying a file from the N3K to an HTTP server, the N3K outputs the HTML response from the HTTP server to the CLI. This is not ideal for the user to see.

Conditions:
When copying a file from the N3K to an HTTP server, the N3K outputs the HTML response from the HTTP server to the CLI. This is not ideal for the user to see.

Workaround:
None

Further Problem Description:

Last Modified:
26-AUG-2015
Known Affected Releases:
6.0(2)U5(1), 6.0(2)U6(1)
Known Fixed Releases: *
8.3(0)CV(0.123)
Alert Type:
Updated *
Bug Id:
CSCuh32375
Title:
Support OneP functionality in n3k
Status:
Fixed
Severity:
6 Enhancement
Description:

Symptom:
OneP session not establishing in n3k platform.

Conditions:
OneP session requests did not work when a OneP client tried to connect to n3k switches.

Workaround:
No Workaround.

More Info:
Ported OneP code from n7k freetown to n3k fiji_feat branch.

Last Modified:
11-AUG-2015
Known Affected Releases:
6.0(2)U3(0.60)
Known Fixed Releases: *
15.1(1)ICA4.122, 15.2(1)IC273.5, 15.2(2.4.11)EA, 15.2(2.6.89)EA, 15.2(4.0)ST, 15.2(4.0.64a)E, 15.2(5.0)ST, 15.4(0.4)T, 15.4(0.9)S, 15.4(1)S
Alert Type:
New
Bug Id:
CSCue88599
Title:
Cleanup mgmt-policy funct and lockdown iptables to be more restrictive
Status:
Open
Severity:
6 Enhancement
Description:

Symptoms:
This is a modification on the product to adopt new secure code best practices to enhance the security posture and resiliency of the product.
Conditions:
Device configured with default configuration.
Workaround:
Not applicable or available.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 0/0:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:N/E:U/RL:U/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
11-AUG-2015
Known Affected Releases:
5.0(3)U3(2)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCur67743
Title:
N3K vPC Optimization for faster convergence during flaps
Status:
Open
Severity:
6 Enhancement
Description:

Symptom:
Currently we are seeing above 500 ms convergence times during the MCEC and MCT flap events.

Conditions:
Convergence is higher when the MCEC/MCT is flapped.

Workaround:

Further Problem Description:

Last Modified:
31-AUG-2015
Known Affected Releases:
6.0(2)U4(1)
Known Fixed Releases: *
6.0(2)A6(4.107), 6.0(2)A6(5), 6.0(2)A7(0.184), 6.0(2)A7(0.187), 6.0(2)A7(0.188), 6.0(2)A7(1), 6.0(2)U6(2.107), 6.0(2)U6(3), 6.0(2)U7(0.184), 6.0(2)U7(0.187)
Alert Type:
New
Bug Id:
CSCuv77388
Title:
N3k: Need Warning Syslog when input voltage exceeds threshold
Status:
Open
Severity:
6 Enhancement
Description:

Symptom:
This is an enhancement to add a warning syslog message when the input power voltage exceeds the allowed threshold

Conditions:
None

Workaround:
Instantaneous input voltage can be checked via CLI command:
# show env power input

Further Problem Description:

Last Modified:
17-AUG-2015
Known Affected Releases:
6.0(2)A4(5)
Known Fixed Releases:

Find additional information in Bug Search index.

 

2013 Cisco and/or its affiliates. All rights reserved. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks

 
