Summary
Detail | |||
---|---|---|---|
Vendor | Cisco | First view | 2012-02-16 |
Product | Nexus 1000v | Last view | 2013-11-17 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.8 | 2013-11-17 | CVE-2013-5556 | The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340. |
6.8 | 2013-07-10 | CVE-2013-3400 | The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. |
5 | 2013-05-29 | CVE-2013-1213 | Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to cause a denial of service (false VEM unavailability report) via a flood of UDP packets, aka Bug ID CSCud14840. |
5.8 | 2013-05-29 | CVE-2013-1212 | The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication, via a crafted certificate, aka Bug ID CSCud14837. |
8.3 | 2013-04-25 | CVE-2013-1178 | Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275. |
7.8 | 2012-02-16 | CVE-2012-0352 | Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.1.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (netstack process crash and device reload) via a malformed IP packet, aka Bug IDs CSCti23447, CSCti49507, and CSCtj01991. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
33% (2) | CWE-399 | Resource Management Errors |
16% (1) | CWE-310 | Cryptographic Issues |
16% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
16% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
16% (1) | CWE-20 | Improper Input Validation |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2013-A-0100 | Multiple Vulnerabilities in Cisco NX-OS-Based Products Severity: Category I - VMSKEY: V0037772 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2014-11-04 | Name: The remote device is missing a vendor-supplied security patch. File: cisco-sn-CVE-2013-5556-nxos.nasl - Type: ACT_GATHER_INFO |
2013-05-31 | Name: The remote device is missing a vendor-supplied security patch. File: cisco-sa-20130424-nxosmulti-nxos.nasl - Type: ACT_GATHER_INFO |