CISCO : Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability (cisco-sa-20120215-nxos)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.103801

Categoría: CISCO

Título: Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability (cisco-sa-20120215-nxos)

Resumen: Cisco NX-OS Software is affected by a denial of service (DoS); vulnerability that could cause Cisco Nexus 1000v, 1010, 5000, and 7000 Series Switches, and the; Cisco Virtual Security Gateway (VSG) for Nexus 1000V Series Switches, that are running affected; versions of Cisco NX-OS Software to reload when the IP stack processes a malformed IP packet.

Descripción: Summary:
Cisco NX-OS Software is affected by a denial of service (DoS)
vulnerability that could cause Cisco Nexus 1000v, 1010, 5000, and 7000 Series Switches, and the
Cisco Virtual Security Gateway (VSG) for Nexus 1000V Series Switches, that are running affected
versions of Cisco NX-OS Software to reload when the IP stack processes a malformed IP packet.

Vulnerability Insight:
The vulnerability is in the operating system's IP stack and any
feature that makes use of services offered by the IP stack to parse IP packets is affected. For
instance, the following scenarios may trigger the vulnerability because they imply that Layer 4
(UDP or TCP) information is required to be able to perform the configured function:

- A malformed, transit IP packet that would normally be forwarded by the switch is received and
the Time-to-live (TTL) is 1. In this case, an ICMP error message (time exceeded) needs to be
generated. During generation of this ICMP message, the bug could be triggered.

- Policy-based routing is in use, and to make a routing decision, an incoming packet needs to be
parsed. If the packet is a malformed TCP segment and the routing policy uses TCP information for
routing decisions, then this bug could be triggered.

- An egress Access Control List (ACL) is applied to an interface and a malformed IP packet that
needs to be forwarded through that interface is received.

Note: This list is not exhaustive. It contains some of the scenarios that have been confirmed to
trigger the vulnerability described in this document. Other scenarios that require accessing
Layer 4 information of a malformed IP packet may also result in the vulnerability being
triggered.

Vulnerability Impact:
An attacker can exploit this issue to cause the device to crash,
denying service to legitimate users.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-0352
Cisco Security Advisory: 20120215 Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120215-nxos

Copyright Copyright (C) 2013 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.103801
Categoría:	CISCO
Título:	Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability (cisco-sa-20120215-nxos)
Resumen:	Cisco NX-OS Software is affected by a denial of service (DoS); vulnerability that could cause Cisco Nexus 1000v, 1010, 5000, and 7000 Series Switches, and the; Cisco Virtual Security Gateway (VSG) for Nexus 1000V Series Switches, that are running affected; versions of Cisco NX-OS Software to reload when the IP stack processes a malformed IP packet.
Descripción:	Summary: Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability that could cause Cisco Nexus 1000v, 1010, 5000, and 7000 Series Switches, and the Cisco Virtual Security Gateway (VSG) for Nexus 1000V Series Switches, that are running affected versions of Cisco NX-OS Software to reload when the IP stack processes a malformed IP packet. Vulnerability Insight: The vulnerability is in the operating system's IP stack and any feature that makes use of services offered by the IP stack to parse IP packets is affected. For instance, the following scenarios may trigger the vulnerability because they imply that Layer 4 (UDP or TCP) information is required to be able to perform the configured function: - A malformed, transit IP packet that would normally be forwarded by the switch is received and the Time-to-live (TTL) is 1. In this case, an ICMP error message (time exceeded) needs to be generated. During generation of this ICMP message, the bug could be triggered. - Policy-based routing is in use, and to make a routing decision, an incoming packet needs to be parsed. If the packet is a malformed TCP segment and the routing policy uses TCP information for routing decisions, then this bug could be triggered. - An egress Access Control List (ACL) is applied to an interface and a malformed IP packet that needs to be forwarded through that interface is received. Note: This list is not exhaustive. It contains some of the scenarios that have been confirmed to trigger the vulnerability described in this document. Other scenarios that require accessing Layer 4 information of a malformed IP packet may also result in the vulnerability being triggered. Vulnerability Impact: An attacker can exploit this issue to cause the device to crash, denying service to legitimate users. Solution: See the referenced vendor advisory for a solution. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0352 Cisco Security Advisory: 20120215 Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120215-nxos
Copyright	Copyright (C) 2013 Greenbone Networks GmbH