CISCO : Cisco Nexus 1000v Application Virtual Switch Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.105836

Kategorie: CISCO

Titel: Cisco Nexus 1000v Application Virtual Switch Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability

Zusammenfassung: A vulnerability in Cisco Discovery Protocol packet processing for the Cisco Nexus 1000v Application;Virtual Switch (AVS) could allow an unauthenticated, remote attacker to cause the ESXi hypervisor to;crash and display a purple diagnostic screen, resulting in a denial of service (DoS) condition.;;The vulnerability is due to insufficient input validation of Cisco Discovery Protocol packets, which;could result in a crash of the ESXi hypervisor due to an out-of-bound memory access. An attacker;could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a targeted;device. An exploit could allow the attacker to cause a DoS condition.;;Cisco has released software updates that address this vulnerability. Workarounds that address this;vulnerability are not available.

Beschreibung: Summary:
A vulnerability in Cisco Discovery Protocol packet processing for the Cisco Nexus 1000v Application
Virtual Switch (AVS) could allow an unauthenticated, remote attacker to cause the ESXi hypervisor to
crash and display a purple diagnostic screen, resulting in a denial of service (DoS) condition.

The vulnerability is due to insufficient input validation of Cisco Discovery Protocol packets, which
could result in a crash of the ESXi hypervisor due to an out-of-bound memory access. An attacker
could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a targeted
device. An exploit could allow the attacker to cause a DoS condition.

Cisco has released software updates that address this vulnerability. Workarounds that address this
vulnerability are not available.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
6.1

CVSS Vector:
AV:A/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-1465
BugTraq ID: 92154
http://www.securityfocus.com/bid/92154
Cisco Security Advisory: 20160727 Cisco Nexus 1000v Application Virtual Switch Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-avs
http://www.securitytracker.com/id/1036469

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.105836
Kategorie:	CISCO
Titel:	Cisco Nexus 1000v Application Virtual Switch Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability
Zusammenfassung:	A vulnerability in Cisco Discovery Protocol packet processing for the Cisco Nexus 1000v Application;Virtual Switch (AVS) could allow an unauthenticated, remote attacker to cause the ESXi hypervisor to;crash and display a purple diagnostic screen, resulting in a denial of service (DoS) condition.;;The vulnerability is due to insufficient input validation of Cisco Discovery Protocol packets, which;could result in a crash of the ESXi hypervisor due to an out-of-bound memory access. An attacker;could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a targeted;device. An exploit could allow the attacker to cause a DoS condition.;;Cisco has released software updates that address this vulnerability. Workarounds that address this;vulnerability are not available.
Beschreibung:	Summary: A vulnerability in Cisco Discovery Protocol packet processing for the Cisco Nexus 1000v Application Virtual Switch (AVS) could allow an unauthenticated, remote attacker to cause the ESXi hypervisor to crash and display a purple diagnostic screen, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of Cisco Discovery Protocol packets, which could result in a crash of the ESXi hypervisor due to an out-of-bound memory access. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a targeted device. An exploit could allow the attacker to cause a DoS condition. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. Solution: See the referenced vendor advisory for a solution. CVSS Score: 6.1 CVSS Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1465 BugTraq ID: 92154 http://www.securityfocus.com/bid/92154 Cisco Security Advisory: 20160727 Cisco Nexus 1000v Application Virtual Switch Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-avs http://www.securitytracker.com/id/1036469
Copyright	Copyright (C) 2016 Greenbone Networks GmbH