Vulnerability CVE-2015-6277


Published: 2015-09-02

Description:
The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292.

Vendor: Cisco
Product: Nexus 9000 
Version: 7.3(0)zd(0.61);
Product: Nx-os 
Version:
7.3(0)zd(0.61)
7.3(0)zd(0.47)
7.0(0)hsk(0.353)
4.1(2)e1
Product: Nexus 3000 
Version: 7.3(0)zd(0.47);
Product: Mds 9000 san-os 
Version: 7.0(0)hsk(0.353);
Product: San-os 
Version: 7.0(0)hsk(0.353);
Product: 1000v 
Version: 5.2(1)sv3(1.4);
Product: Nexus 1000v 
Version: 5.2(1)sv3(1.4);
Product: Nexus 4000 
Version: 4.1(2)e1;
Product: Mds 9000 

CVSS2 => (AV:A/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.1/10
6.9/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://tools.cisco.com/security/center/viewAlert.x?alertId=40748
http://www.securitytracker.com/id/1033443

Related CVE
CVE-2018-0225
The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue.
CVE-2018-0355
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability...
CVE-2018-0352
A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. The attacker must have valid user credentials with ...
CVE-2018-0340
A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected ...
CVE-2018-0339
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability ...
CVE-2018-0338
A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affec...
CVE-2018-0336
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforc...
CVE-2018-0335
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker...

Copyright 2018, cxsecurity.com

 

Back to Top