Details of VAR-201208-0137

ID

VAR-201208-0137

CVE

CVE-2012-2469

TITLE

Cisco Nexus 7000 Runs on a series switch Cisco NX-OS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2011-005109

DESCRIPTION

Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) via a malformed Cisco Discovery Protocol (CDP) packet, aka Bug IDs CSCtk34535 and CSCtk19132. The Cisco Nexus Series switches are data center switches. Adopt the Cisco Nexus OS operating system. Cisco NX-OS is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to crash the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCtk34535 and CSCtk19132

Trust: 2.52

sources: NVD: CVE-2012-2469 // JVNDB: JVNDB-2011-005109 // CNVD: CNVD-2012-4133 // BID: 54833 // VULHUB: VHN-55750

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-4133

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	4.2	Trust: 2.4
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.0	Trust: 2.4
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.1	Trust: 2.4
vendor:	cisco	model:	nx-os	scope:	eq	version:	5.2	Trust: 2.4
vendor:	cisco	model:	nexus 7000	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 9-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 18-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 10-slot	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 7000 10 slot switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 7000 18 slot switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 7000 9 slot switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 7000 series switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus	scope:	eq	version:	7000	Trust: 0.6

sources: CNVD: CNVD-2012-4133 // JVNDB: JVNDB-2011-005109 // CNNVD: CNNVD-201208-029 // NVD: CVE-2012-2469

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-2469
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-2469
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201208-029
value:	HIGH
Trust: 0.6
VULHUB:	VHN-55750
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-2469
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-55750
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-55750 // JVNDB: JVNDB-2011-005109 // CNNVD: CNNVD-201208-029 // NVD: CVE-2012-2469

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-2469

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-029

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.3

sources: BID: 54833

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005109

PATCH

title:	Cisco Nexus 7000 Series NX-OS Release Notes, Release 5.2	url:	http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/release/notes/52_nx-os_release_note.html	Trust: 0.8
title:	Patch for Cisco NX-OS CDP Packet Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/19570	Trust: 0.6

sources: CNVD: CNVD-2012-4133 // JVNDB: JVNDB-2011-005109

EXTERNAL IDS

db:	NVD	id:	CVE-2012-2469	Trust: 3.4
db:	SECTRACK	id:	1027352	Trust: 1.1
db:	JVNDB	id:	JVNDB-2011-005109	Trust: 0.8
db:	CNNVD	id:	CNNVD-201208-029	Trust: 0.7
db:	CNVD	id:	CNVD-2012-4133	Trust: 0.6
db:	NSFOCUS	id:	20252	Trust: 0.6
db:	BID	id:	54833	Trust: 0.4
db:	VULHUB	id:	VHN-55750	Trust: 0.1

sources: CNVD: CNVD-2012-4133 // VULHUB: VHN-55750 // BID: 54833 // JVNDB: JVNDB-2011-005109 // CNNVD: CNNVD-201208-029 // NVD: CVE-2012-2469

REFERENCES

url:	http://www.cisco.com/en/us/docs/switches/datacenter/sw/5_x/nx-os/release/notes/52_nx-os_release_note.html	Trust: 2.6
url:	http://www.4salesbyself.com/troubleshooting-random-nexus-reboots.aspx	Trust: 1.7
url:	http://www.securitytracker.com/id?1027352	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2469	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2469	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20252	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=26619	Trust: 0.3

sources: CNVD: CNVD-2012-4133 // VULHUB: VHN-55750 // BID: 54833 // JVNDB: JVNDB-2011-005109 // CNNVD: CNNVD-201208-029 // NVD: CVE-2012-2469

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 54833

SOURCES

db:	CNVD	id:	CNVD-2012-4133
db:	VULHUB	id:	VHN-55750
db:	BID	id:	54833
db:	JVNDB	id:	JVNDB-2011-005109
db:	CNNVD	id:	CNNVD-201208-029
db:	NVD	id:	CVE-2012-2469

LAST UPDATE DATE

2024-11-23T21:46:10.359000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-4133	date:	2012-08-08T00:00:00
db:	VULHUB	id:	VHN-55750	date:	2013-03-23T00:00:00
db:	BID	id:	54833	date:	2013-02-06T16:20:00
db:	JVNDB	id:	JVNDB-2011-005109	date:	2012-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201208-029	date:	2012-08-07T00:00:00
db:	NVD	id:	CVE-2012-2469	date:	2024-11-21T01:39:08.293

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-4133	date:	2012-08-08T00:00:00
db:	VULHUB	id:	VHN-55750	date:	2012-08-06T00:00:00
db:	BID	id:	54833	date:	2012-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2011-005109	date:	2012-08-08T00:00:00
db:	CNNVD	id:	CNNVD-201208-029	date:	2012-08-07T00:00:00
db:	NVD	id:	CVE-2012-2469	date:	2012-08-06T17:55:00.917