Lucene search

CiscoCISCO-SA-20150812-CVE-2015-4301

HistoryAug 12, 2015 - 9:41 p.m.

Cisco Nexus 9000 Series Resource Exhaustion Denial of Service Vulnerability

2015-08-1221:41:06

tools.cisco.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

EPSS

0.001

Percentile

43.8%

JSON

A vulnerability in Cisco Nexus 9000 Series software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.

An attacker could exploit the vulnerability by copying large files to the device file system. Processing the large files could cause the device to stop responding, resulting in a DoS condition.

Cisco has confirmed the vulnerability and released software updates.

To exploit the vulnerability, an attacker must have authentication credentials to log in to the device and privileges that allow copying large files to the file system. These restrictions greatly reduce the potential for exploitation.

Affected configurations

Vulners

Node

cisconx_osMatchany

VendorProductVersionCPE
cisconx_osanycpe:2.3:o:cisco:nx_os:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	nx_os	any	cpe:2.3:o:cisco:nx_os:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150812-CVE-2015-4301

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

EPSS

0.001

Percentile

43.8%

JSON

Related for CISCO-SA-20150812-CVE-2015-4301