Alert Type: | Updated * |
Bug Id: | CSCuv49725 | Title: | Fabric view does not show N9k |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: Fabric view does not show N9k. Appropriate selection of Leaf, Spine, Border Leaf does need to be present (override). Appropriate POD selection does need to be present (override).
Conditions: new install with default values
Workaround: none
Further Problem Description:
|
|
Last Modified: | 01-JUN-2016 |
|
Known Affected Releases: | 7.1(1), 7.1(2), 7.2(1) |
|
Known Fixed Releases: * | 7.0(0)BZ(0.98), 7.2(1.63)S0, 7.2(1.69)S0, 7.3(0)D1(0.140), 7.3(0)DX(0.25), 7.3(0)DX(1), 7.3(0)EG(0.14), 7.3(0)GLF(0.25), 7.3(0)IB(0.122), 7.3(0)OTT(0.73) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz44144 | Title: | Evaluation of dcnm-server for NTP_April_2016 |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
includes a version of ntpd that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519, CVE-2015-8138, CVE-2016-1550, CVE-2015-7704, CVE-2016-1547, CVE-2016-1548, CVE-2016-1549
And disclosed in http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd
This product is affected by one or more of the listed CVE ids.
Conditions:
Device configured with NTP.
Cisco has reviewed and concluded that this product is affected by the following Common Vulnerability and Exposures (CVE) IDs:
* CVE-2016-2518 - Network Time Protocol Crafted addpeer With hmode > 7 Causes Array Wraparound With MATCH_ASSOC
* CVE-2015-8138 - Network Time Protocol Zero Origin Timestamp Bypass
* CVE-2016-1550 - Network Time Protocol Improve NTP Security Against Buffer Comparison Timing Attacks
* CVE-2015-7704 - Network Time Protocol Original Fix For NTP Bug 2901 Broke Peer Associations
* CVE-2016-1548 - Network Time Protocol Interleave-pivot Denial Of Service Vulnerability
* CVE-2016-1549 - Network Time Protocol Sybil Vulnerability: Ephemeral Association Attack
This product is not affected by the following Common Vulnerability and Exposures (CVE) IDs:
* CVE-2016-2516 - Network Time Protocol Duplicate IPs On Unconfig Directives Will Cause An Assertion Botch In ntpd
* CVE-2016-2519 - Network Time Protocol Remote ctl_getitem() Return Value Not Always Checked
* CVE-2016-2517 - Network Time Protocol Remote Configuration Trustedkey/Requestkey/Controlkey Values Are Not Properly Validated
* CVE-2016-1547 - Network Time Protocol CRYPTO-NAK Denial Of Service Vulnerability
* CVE-2016-1551 - Network Time Protocol Refclock Impersonation Vulnerability
Workaround:
Not available.
Further Problem Description:
Additional details about those vulnerabilities can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 6.4/5.3
http://tools.cisco.com/security/center/cvssCalculator.x?version=2&vector=AV:N/AC:L/Au:N/C:N/I:P/A:P/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:L/IR:L/AR:
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html |
|
Last Modified: | 23-JUN-2016 |
|
Known Affected Releases: | 7.2(3) |
|
Known Fixed Releases: * | 10.0(1.56)S0 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv76463 | Title: | VRF-common-universal profile can be edited & deleted when instantiated |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: Network Profiles (e.g. TF or EF) cannot be edited or deleted when they are instantiated. This provides the customer an important level of protection against human errors. The same must apply to all vrf-common-universal profiles (including customized ones), but this is not the current behavior.
Conditions: DCNM 7.2(1)
Workaround: None
Further Problem Description: None
|
|
Last Modified: | 01-JUN-2016 |
|
Known Affected Releases: | 7.2(1)S8 |
|
Known Fixed Releases: * | 7.0(0)BZ(0.98), 7.2(1.63)S0, 7.2(1.66)S0, 7.2(1.71)S0, 7.3(0)D1(0.140), 7.3(0)DX(0.25), 7.3(0)DX(1), 7.3(0)EG(0.14), 7.3(0)GLF(0.25), 7.3(0)IB(0.122) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz52387 | Title: | Evaluation of dcnm-server for OpenSSL May 2016 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: This product includes a version of OpenSSL that is affected by the vulnerability identified by one or more of the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176
And disclosed in https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
This bug has been opened to address the potential impact on this product.
Cisco has analyzed the vulnerabilities and concluded that this product may be affected by the following vulnerabilities:
* Memory corruption in the ASN.1 encoder CVE-2016-2108
* Padding oracle in AES-NI CBC MAC check CVE-2016-2107
* EVP_EncodeUpdate overflow CVE-2016-2105
* EVP_EncryptUpdate overflow CVE-2016-2106
* ASN.1 BIO excessive memory allocation CVE-2016-2109
This product is not affected by the following vulnerability: EBCDIC overread CVE-2016-2176
Conditions: Exposure is not configuration dependent.
Workaround: None
Further Problem Description: PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base CVSS score as of the time of evaluation is: 5.1
https://tools.cisco.com/security/center/cvssCalculator.x?version=2&vector=AV:N/AC:H/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:ND
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product. The score reflects the maximum score for all the vulnerabilities mentioned in this bug information
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Last Modified: | 20-JUN-2016 |
|
Known Affected Releases: | 7.2(3) |
|
Known Fixed Releases: * | 10.0(1.28)S0 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur07367 | Title: | Cisco Prime Data Center Network Manager CVE-2014-6271 and CVE-2014-7169 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom: The following Cisco product Cisco Prime Data Center Network Manager includes a version of bash that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2014-6271 CVE-2014-7169
This bug has been opened to address the potential impact on this product. Affected versions: DCNM 7.0(1) OVA installation and DCNM 7.0(2) OVA installation.
DCNM 6.x releases are not vulnerable and are not impacted.
Conditions: Can be exploited by a user who is authorized to log in via ssh or vCenter console, where the authorized login opens a default bash shell.
Workaround: Execute:
> yum update bash
This will update the bash shell and fix the violation.
Further Problem Description: PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.5/7.5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Last Modified: | 07-JUN-2016 |
|
Known Affected Releases: | 7.0(1), 7.0(2), 7.1(0)ZN(91.98), 7.1(0)ZN(91.99), 7.1(0.133), 7.2(0.1)PR(0.1), 7.2(0.1)VB(0.1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw21167 | Title: | Archive Job status column not getting updated for all jobs after Upgrade |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: Archive job status is not updated for all jobs after upgrade.
Conditions: All jobs are executed; however, the Job Status column is not updated for some jobs, or is intermittently not updated.
Workaround: On the first execution the status is not updated; when the job executes a second time for the same device, it gets updated. The user can also check for archive file creation to confirm successful execution: if the archive is created, the job executed successfully.
Further Problem Description:
|
|
Last Modified: | 01-JUN-2016 |
|
Known Affected Releases: | 7.2(1.77) |
|
Known Fixed Releases: * | 7.0(0)BZ(0.98), 7.2(2.47)S0, 7.3(0)D1(0.156), 7.3(0)DX(0.25), 7.3(0)DX(1), 7.3(0)EG(0.14), 7.3(0)GLF(0.43), 7.3(0)IB(0.122), 7.3(0)PDB(0.121), 7.3(0)RSP(0.7) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw07827 | Title: | Vxlan Details not showing and Vxlan-Vlan mapping missing |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: VxLAN-Vlan mapping is missing in VxLAN tab and in VxLAN topology search for N9K device. VxLAN tab missing in inventory page for VxLAN enabled N5K device.
Conditions: When VxLAN feature is enabled on N9K/N5K devices and VxLAN-Vlan mapping is configured on N9K, and viewed through VxLAN tab/VxLAN topology search.
Workaround: None.
Further Problem Description:
|
|
Last Modified: | 01-JUN-2016 |
|
Known Affected Releases: | 7.1(1), 7.1(2), 7.2(1), 7.2(1.67) |
|
Known Fixed Releases: * | 7.0(0)BZ(0.98), 7.2(1.71)S0, 7.3(0)D1(0.140), 7.3(0)DX(0.25), 7.3(0)DX(1), 7.3(0)EG(0.14), 7.3(0)GLF(0.25), 7.3(0)IB(0.122), 7.3(0)OTT(0.73), 7.3(0)PDB(0.102) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu75865 | Title: | Add global vlan profile subtype |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: Changes made to Network based on Global-Vlan-Profile (no segment ID) are not refreshed on switches
Conditions: Network created with a copy of "defaultNetworkUniversalTfGblVlanProfile" e.g. "defaultNetworkUniversalTfGblVlanProfile2"
Segment ID is configured but not used in profile.
Workaround: Rename the profile to end with 'GblVlanProfile' (case-insensitive), e.g. 'customizedGblVlanProfile'. The network refresh will then use VLAN ID instead of Segment ID for customized global VLAN profile.
Further Problem Description: This bug will support fully customized Global-Vlan-Profile names, as the trigger for refreshment is based on the profile subtype
|
|
Last Modified: | 01-JUN-2016 |
|
Known Affected Releases: | 7.2(0.39) |
|
Known Fixed Releases: * | 7.0(0)BZ(0.98), 7.2(1.22)S0, 7.2(1.23)S0, 7.3(0)D1(0.140), 7.3(0)DX(0.25), 7.3(0)DX(1), 7.3(0)EG(0.14), 7.3(0)GLF(0.25), 7.3(0)IB(0.122), 7.3(0)OTT(0.73) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuz48783 | Title: | Top-Down: Populate Vlan operation picking from incorrect vlan pool |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: * | The Vlan Pool management is not Fabric Aware. The Vlan pools defined for Core/System dynamic VLANs defined in the Fabric settings are not recognized in this release. The Vlan pools are always read in from the Default LAN settings. Additionally, the VLAN settings are always read in during DCNM startup and applied to switches that use Vlan Range/Pool management in Top-Down deployments.
Updates to this Vlan Range are disruptive and not supported in the current DCNM release v10. Please always update the Vlan Range and restart DCNM for the changes to take effect, ahead of making any Top-Down deployments and pool assignments via Top-Down deployments.
Symptom: Core/System Dynamic Vlan Range is updated in Fabric settings or in LAN General Settings, but new Vlan range is not seen when requesting a vlan in top-down deployment.
Conditions: Vlan range is changed after the DCNM is restarted.
Workaround: Always make updates to Vlan Range ahead of any DCNM Top-Down deployment triggers. Restart DCNM after Vlan Range updates.
If Vlan Range needs to be updated after any Top-Down deployments are triggered, the DCNM job instances will be required to be cleaned/lost.
Further Problem Description: This is the behavior in the current release of the product. The Vlan range will be made Fabric aware and more dynamic to range updates in upcoming releases.
|
|
Last Modified: | 21-JUN-2016 |
|
Known Affected Releases: | 10.0(1)S3 |
|
Known Fixed Releases: * | 10.0(1.53)S0 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux65213 | Title: | DCNM HA LVS Broken After Moving VM From One Host to Another |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom: DCNM HA LVS Broken After Moving VM From One Host to Another. LVS HA mechanism is broken when both nodes do not display subinterfaces Eth0:1 and Eth1:1. The files ifcfg-eth0:1 and ifcfg-eth1:1 exist under the directory path /etc/sysconfig/network-scripts/. When we tried to do a 'service network restart', the output displayed an IP conflict. The output of 'arptables -L' properly displayed the mangle on DCNM node B, while the output of 'ipvsadm' properly displayed services on DCNM node A. The WebUI under the Federation displayed inactive on node B, while all datasources were on node A.
Conditions: Happens always
Workaround:
After migrating node B to new ESXi host:
* ifdown eth1 on B and then an ifdown eth1 on A, then bring up ifup eth1 on B and then ifup eth1 on A
* ifdown eth0 on B and then an ifdown eth0 on A, then bring up ifup eth0 on B and then ifup eth0 on A
After migrating node A to new ESXi host:
* ifdown eth1 on A and then an ifdown eth1 on B, then bring up ifup eth1 on A and then ifup eth1 on B
* ifdown eth0 on A and then an ifdown eth0 on B, then bring up ifup eth0 on A and then ifup eth0 on B
Further Problem Description:
|
|
Last Modified: | 21-JUN-2016 |
|
Known Affected Releases: | 7.2(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu08025 | Title: | Need DB password in encrypted for some files |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: Need DB password in encrypted for some files
Conditions: normal
Workaround: unknown
Further Problem Description:
|
|
Last Modified: | 13-JUN-2016 |
|
Known Affected Releases: | 6.3(2), 7.0(1), 7.1(2) |
|
Known Fixed Releases: * | 7.0(0)BZ(0.108), 7.2(2.61)S0, 7.2(2.62)S0, 7.2(2.76)S0, 7.3(0)D1(0.179), 7.3(0)DG(0.3), 7.3(0)DX(0.93), 7.3(0)DX(1), 7.3(0)RSP(0.7), 7.3(0)SC(0.14) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux87028 | Title: | DCNM RabbitMQ/AMQP start 30sec in HA |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: * | Symptom: Need DCNM documentation to reflect the requirement to start the AMQP server on both DCNMs in HA within a 30 sec time window, or AMQP may not start.
Conditions: DCNM Unified OVA install with HA server setup.
Workaround: Stop and restart AMQP on both servers within 30 sec.
Further Problem Description:
|
|
Last Modified: | 23-JUN-2016 |
|
Known Affected Releases: | 7.2(2a), 7.2(2a)S1, 7.2(2a)S2, 7.2(2a)S3 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw18084 | Title: | Same name Partition Delete/Readd Fails already existing |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom: DCNM Unified Fabric install, where delete and re-add of the same named partition fails with an "already existing" error.
Conditions: DCNM 7.2(1) OVA Unified install; cannot re-add the same Partition name after delete, fails with "already exists". In WebUI: Config > Fabric > Auto-Configuration > Organizations > Partition (delete) (add)
Workaround: Clear browser cache or restart browser, or restart DCNM.
Further Problem Description: Note - same name for Partition is the trigger.
|
|
Last Modified: | 01-JUN-2016 |
|
Known Affected Releases: | 7.2(1), 7.2(1.67) |
|
Known Fixed Releases: * | 7.0(0)BZ(0.98), 7.2(1.81)S0, 7.3(0)D1(0.140), 7.3(0)DX(0.25), 7.3(0)DX(1), 7.3(0)EG(0.14), 7.3(0)GLF(0.25), 7.3(0)IB(0.122), 7.3(0)OTT(0.73), 7.3(0)PDB(0.102) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv49707 | Title: | mouse over for N7k does not work on whole icon |
|
Status: | Fixed |
|
Severity: | 5 Cosmetic |
Description: | Symptom: Mouse over for N7k in standard Topology does not work on the whole icon. It is required to mouse over certain small spots of the N7k to get the additional information to show up.
Conditions: new install with default values
Workaround: none
Further Problem Description:
|
|
Last Modified: | 01-JUN-2016 |
|
Known Affected Releases: | 7.1(1), 7.1(2), 7.2(1) |
|
Known Fixed Releases: * | 7.0(0)BZ(0.98), 7.2(1.64)S0, 7.3(0)D1(0.140), 7.3(0)DX(0.25), 7.3(0)DX(1), 7.3(0)EG(0.14), 7.3(0)GLF(0.25), 7.3(0)IB(0.122), 7.3(0)OTT(0.73), 7.3(0)PDB(0.102) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv49839 | Title: | Partition ID should be configurable |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom: Partition ID should be configurable and go along with the VRF/VLAN/L3VNI pool requirement
Conditions: new install with default values
Workaround: none
Further Problem Description:
|
|
Last Modified: | 13-JUN-2016 |
|
Known Affected Releases: | 7.2(1) |
|
Known Fixed Releases: * | 7.0(0)BZ(0.98), 7.2(2.14)S0, 7.2(2.38)S0, 7.2(2.40)S0, 7.2(2.52)S0, 7.3(0)D1(0.140), 7.3(0)D1(0.156), 7.3(0)D1(0.179), 7.3(0)DG(0.3), 7.3(0)DX(0.25) |
|
|
| |