CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
66.3%
A vulnerability in the internal iptables configuration for local interfaces on the Cisco Nexus 9000 Series Switch could allow an unauthenticated, remote attacker to access certain sensitive data. The attacker could use this information to conduct additional reconnaissance attacks.
The vulnerability is due to incorrect filtering of network traffic destined to certain TCP and UDP ports configured on a local interface. An attacker could exploit this vulnerability by connecting to the affected device on one of the exposed TCP or UDP ports. An exploit could allow the attacker to discover certain sensitive data which should be restricted and could be used to conduct further attacks.
Cisco has released software updates that address this vulnerability. A workaround to mitigate this vulnerability is available.
This advisory is available at the following link:
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | nx_os | 7.0 | cpe:2.3:o:cisco:nx_os:7.0:*:*:*:*:*:*:* |
cisco | nx_os | 7.0(3)i1 | cpe:2.3:o:cisco:nx_os:7.0\(3\)i1:*:*:*:*:*:*:* |
cisco | nx_os | 7.0(3) | cpe:2.3:o:cisco:nx_os:7.0\(3\):*:*:*:*:*:*:* |
cisco | nx_os | 7.0(3)i1(1) | cpe:2.3:o:cisco:nx_os:7.0\(3\)i1\(1\):*:*:*:*:*:*:* |
cisco | nx_os | 7.0(3)i1(1a) | cpe:2.3:o:cisco:nx_os:7.0\(3\)i1\(1a\):*:*:*:*:*:*:* |
cisco | nx_os | 7.0(3)i1(1b) | cpe:2.3:o:cisco:nx_os:7.0\(3\)i1\(1b\):*:*:*:*:*:*:* |
cisco | nx_os | 7.0(3)i1(2) | cpe:2.3:o:cisco:nx_os:7.0\(3\)i1\(2\):*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
66.3%