Cisco Nexus 5000 Series USB Driver Denial of Service Vulnerability

2015-12-0408:00:00

tools.cisco.com

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS

Percentile

5.1%

JSON

A vulnerability in the USB driver for Cisco Nexus 5000 Series Switches could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition due to a kernel crash.

The vulnerability is due to insufficient handling of USB input parameters. An attacker could exploit this vulnerability by sending crafted USB parameters to be processed by the kernel of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

Cisco has not released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-nexus[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-nexus”]

Affected configurations

Vulners

Node

cisconx_osMatch5.2\(9\)n1

cisconx_osMatch5.2\(9\)n1\(1\)

VendorProductVersionCPE
cisconx_os5.2(9)n1cpe:2.3:o:cisco:nx_os:5.2\(9\)n1:*:*:*:*:*:*:*
cisconx_os5.2(9)n1(1)cpe:2.3:o:cisco:nx_os:5.2\(9\)n1\(1\):*:*:*:*:*:*:*