Cisco Nexus 1000V Insufficient VSM/VEM Authentication Vulnerability

A vulnerability in the Cisco Nexus 1000V could allow an unauthenticated, remote attacker to obtain control over a Virtual Ethernet Module (VEM) and associated port groups.

The vulnerability is due to insufficient authentication between a VEM and a Virtual Supervisor Module (VSM). An attacker could exploit this vulnerability by using spoofed STUN protocol packets, or setting up a rogue ESXi instance to gain control over a VEM.

Cisco would like to thank Felix ‘FX’ Lindner, Recurity Labs GmbH, for reporting this issue to us.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, an attacker may require access to a trusted, internal network in which a targeted device may reside. This access requirement could limit the likelihood of a successful exploit.

Customers are advised to review the bug reports in the “Vendor Announcements” section for a current list of affected versions.