CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
EPSS: 0.001 Low (Percentile: 48.9%)
A vulnerability in the Cisco Nexus 1000V could allow an unauthenticated, remote attacker to obtain control over a Virtual Ethernet Module (VEM) and associated port groups.
The vulnerability is due to insufficient authentication between a VEM and a Virtual Supervisor Module (VSM). An attacker could exploit this vulnerability by using spoofed STUN protocol packets, or setting up a rogue ESXi instance to gain control over a VEM.
Cisco would like to thank Felix ‘FX’ Lindner, Recurity Labs GmbH, for reporting this issue to us.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
To exploit this vulnerability, an attacker may require access to a trusted, internal network in which a targeted device may reside. This access requirement could limit the likelihood of a successful exploit.
Customers are advised to review the bug reports in the “Vendor Announcements” section for a current list of affected versions.
CPE | Name | Operator | Version |
---|---|---|---|
 | cisco nx-os software | eq | 4.2(1)SV1 |
 | cisco nx-os software | eq | 4.2(1)SV1(5.1) |