-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2012-0104 Title: Multiple Cisco Nexus Devices Remote Denial of Service Vulnerability [1] Version history: 17.08.2012 Initial publication Summary ======= Multiple Cisco Nexus devices are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the device to crash, denying service to legitimate users. [1] CVSS Base Score CVSS v2 Base Score:5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P) [3,4] Affected Versions ============== Cisco Nexus 2000 Cisco Nexus 5000 Original Details ============ Cisco NX-OS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted device. The vulnerability is due to improper processing of certain packets by the affected devices. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted packets to the targeted device. Successful exploitation could allow the attacker to cause a DoS condition on the targeted device. Cisco has confirmed this vulnerability and has released updated software. [2] What can you do? ================ The vendor has released updates. [2] What to tell your users? =================== N/A More information ================ [1] http://www.securityfocus.com/bid/54825 [2] http://tools.cisco.com/security/center/viewAlert.x?alertId=26613 [3] Information about CVSS: http://www.first.org/cvss/cvss-guide.html [4] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1357 Best regards, CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJQLk+OAAoJEPpzpNLI8SVojOYP/RlPb7LtMTOE11hdBXxji4sM 44/vc3eqzqZzxGVzIR4lqZs56UG+iweOTIMdU+M3Yh99VTO15T+PxE474khdWHhn p3TzxAlpc43EjMZMKqfS3vTqGQO9GA++R5lIQ14pW0dXcO1oMPVNr2ZqA8lSioS4 MU/tYpeG/qJybvQlUCbRIUh94vxv11O1U7Bx987EwRPRiVXZHULVOyHEdbkyJZD4 E+k0bPn1S+IkZKxW/8z6cCNpHtBeN7JOr88Fmvqtb6gL7QHEVgh2xUTVNZAzWDdc +HikYu1ObK9MrPRx5iEY+3tzHXALAP45llcYZQdLiNo0tTDr4qvw5JixG+NVhnzN oatojrs5nB2aZu8TgWjH6kjsG5Bdw0GoAJRf/dku8DwFsbhfkvBAdRsg+uIhG3cD ZEDeOsNS37MRpPEOrFFgKdVhedI0RFVRVGuOXxv1G7m5oLdvxuS31xfsw52tUI0z /NuzTokFn0vFmj/Ozv/MTp26d3DSk7apAGlnEkDJCYaX1SNjoOYEie/OdbhFHqH2 D8J928K7LuDnK/tYBF+VFXCTPrm3EbvMTpqpWoHEnBoDL6G52UnxqTVAA/RbLN4n 6ZPOZVHY32A8vxnzkWlNqnhEyR+nOLLw0xn+nNz2css+pinDJVyxEw6hMF8PP2h+ oz2AzzT+v+zsJVazNovB =1vAL -----END PGP SIGNATURE-----