| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu78074 | Title: | Cisco Nexus 3000 ARP Denial of Service (DoS) Vulnerability |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms:
A vulnerability in the Address Resolution Protocol (ARP) input packet
processing of the Cisco Nexus Operating System (NX-OS) devices
unauthenticated, adjacent attacker to cause a denial of service (DoS)
condition.
The vulnerability is due to improper input validation of the ARP packet and
the Maximum Transmission Unit (MTU) size which results in a buffer overflow
which can cause the DoS condition. An attacker could exploit this vulnerability
by sending a crafted ARP packet to the device. An exploit could allow the attacker
to cause the device to be unavailable due to a DoS condition of the ARP module.
Conditions:
Device running with default configuration running an affected version of software.
Workaround:
The MTU size should be configured lower.
Further Problem Description:
None.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.1/5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:A/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2015-4323 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 18-NOV-2015 |
|
Known Affected Releases: | 7.0(3)I2(0.373), 7.3(0)ZN(0.9) |
|
Known Fixed Releases: * | 7.0(3)I1(2.15), 7.0(3)I1(3), 7.0(3)I2(0.377), 7.0(3)I2(1), 7.0(3)ITI2(1), 7.0(3)ITI2(1.36), 8.3(0)CV(0.72) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw63806 | Title: | fast-reload: BGP session flap seen after fastboot |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: | Symptom:
When BGP peer with a neighbor device is reachable over multiple ECMP next-hops and there are multiple BGP neighbors configured between the same devices and update-source is not configured for the neighbor BGP configuration, BGP session flap and syslog may be seen in some cases during bootup in case of switch reload/fast-reload.
Conditions:
BGP peer with a neighbor device reachable over multiple ECMP next-hops and there are multiple BGP neighbors configured between the same devices and update-source is not configured for the neighbor BGP configuration on both devices. In some rare cases BGP flap may be seen in case of fast-reload during bootup even with the update-source configuration but no impact on the convergence timing for the fast-reload.
Workaround:
update-source configuration in the BGP neighbor configuration in both the neighbor devices in such scenarios as mentioned in the conditions.
Further Problem Description:
|
|
Last Modified: | 07-NOV-2015 |
|
Known Affected Releases: | 7.0(3)I2(1.34), 7.0(3)I2(1.50) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw71568 | Title: | AAA Crashes when sytem is idle |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
AAA Crash and Core dumped
Conditions:
N/A
Workaround:
N/A
Further Problem Description:
|
|
Last Modified: | 18-NOV-2015 |
|
Known Affected Releases: | 6.0(2)U3(7.99) |
|
Known Fixed Releases: * | 6.0(2)A7(0.296), 6.0(2)A7(1), 6.0(2)U7(0.296), 6.0(2)U7(1), 7.0(3)I3(0.112), 7.0(3)I3(1), 7.0(3)IDP3(1.12), 7.0(3)IDP3(2) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCux31153 | Title: | N3K:not saving initial setup cause CoPP with only Class copp-s-selfIp |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: | Symptom:
On N3K , not saving initial setup config cause only a CoPP policy config applied
Would you like to enter the basic configuration dialog (yes/no): yes
...
Would you like to edit the configuration? (yes/no) [n]:
Use this configuration and save it? (yes/no) [y]: n <============= not saving config
switch# sh run copp all
!Command: show running-config copp all
!Time: Thu Nov 26 00:38:45 2015
version 6.0(2)U6(4)
control-plane
scale-factor 1.00 module 1
class-map type control-plane match-any copp-s-selfIp
policy-map type control-plane copp-system-policy
class copp-s-selfIp
police pps 400
control-plane
service-policy input copp-system-policy
no copp rate-limit disable
Conditions:
Nexus3000
NXOS6.0(2)U6(4)
Workaround:
reconfigure setup again and save config
Further Problem Description:
|
|
Last Modified: | 26-NOV-2015 |
|
Known Affected Releases: | 6.0(2)U6(4) |
|
Known Fixed Releases: | |
|
|
| |
2015 Cisco and/or its affiliates. All rights reserved. 
没有评论:
发表评论