This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cisco First view 2012-02-16
Product Nexus 1000v Last view 2013-11-17
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:h:cisco:nexus_1000v:-:*:*:*:*:*:*:* 6
cpe:2.3:h:cisco:nexus_1000v:4.2(1)vsg1(1):-:*:*:*:nexus_1000v:*:* 1
cpe:2.3:h:cisco:nexus_1000v:5.2(1)sm1(5.1):-:*:*:*:microsoft_hyper-v:*:* 1
cpe:2.3:h:cisco:nexus_1000v:4.2(1)sv1(5.1a):-:*:*:*:vmware_vsphere:*:* 1
cpe:2.3:h:cisco:nexus_1000v:4.2(1)sv1(5.1):-:*:*:*:vmware_vsphere:*:* 1
cpe:2.3:h:cisco:nexus_1000v:4.2(1)_sv1(4b):-:*:*:*:vmware_vsphere:*:* 1
cpe:2.3:h:cisco:nexus_1000v:4.2(1)_sv1(4a):-:*:*:*:vmware_vsphere:*:* 1
cpe:2.3:h:cisco:nexus_1000v:4.2(1)sv1(5.2):-:*:*:*:vmware_vsphere:*:* 1
cpe:2.3:h:cisco:nexus_1000v:4.2(1)_sv1(4):-:*:*:*:vmware_vsphere:*:* 1

Related : CVE

  Date Alert Description
6.8 2013-11-17 CVE-2013-5556

The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340.

6.8 2013-07-10 CVE-2013-3400

The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824.

5 2013-05-29 CVE-2013-1213

Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID CSCud14840.

5.8 2013-05-29 CVE-2013-1212

The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication, via a crafted certificate, aka Bug ID CSCud14837.

8.3 2013-04-25 CVE-2013-1178

Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275.

7.8 2012-02-16 CVE-2012-0352

Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.1.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (netstack process crash and device reload) via a malformed IP packet, aka Bug IDs CSCti23447, CSCti49507, and CSCtj01991.

CWE : Common Weakness Enumeration

%idName
33% (2) CWE-399 Resource Management Errors
16% (1) CWE-310 Cryptographic Issues
16% (1) CWE-264 Permissions, Privileges, and Access Controls
16% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
16% (1) CWE-20 Improper Input Validation

Information Assurance Vulnerability Management (IAVM)

id Description
2013-A-0100 Multiple Vulnerabilities in Cisco NX-OS-Based Products
Severity: Category I - VMSKEY: V0037772

Nessus® Vulnerability Scanner

id Description
2014-11-04 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sn-CVE-2013-5556-nxos.nasl - Type: ACT_GATHER_INFO
2013-05-31 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20130424-nxosmulti-nxos.nasl - Type: ACT_GATHER_INFO