Sign-up

ID

VAR-201209-0241


CVE

CVE-2012-3051


TITLE

Cisco Nexus 7000 Runs on a series switch Cisco NX-OS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2012-004398

DESCRIPTION

Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822. Adopt the Cisco Nexus OS operating system. Cisco NX-OS fails to process a large number of ARP packets correctly. The vulnerability Cisco bug ID is CSCtr44822. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. Cisco NX-OS version 5.2 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Cisco Nexus 7000 Series NX-OS ARP Packet Handling Denial of Service SECUNIA ADVISORY ID: SA50671 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50671/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50671 RELEASE DATE: 2012-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/50671/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50671/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50671 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Nexus 7000 Series NX-OS, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is reported in version 5.2. SOLUTION: No official solution is currently available. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: CSCtr44822: http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/release/notes/52_nx-os_release_note.html#wp402884 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2012-3051 // JVNDB: JVNDB-2012-004398 // CNVD: CNVD-2012-5244 // BID: 55600 // IVD: 5ebcc28c-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-56332 // PACKETSTORM: 116679

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 5ebcc28c-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-5244

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion:6.1

Trust: 3.0

vendor:ciscomodel:nx-osscope:eqversion:5.2

Trust: 3.0

vendor:ciscomodel:nexus 7000scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:nexus 7000 18-slotscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:nexus 7000 10-slotscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:nexus 7000 9-slotscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:nexus 7000 10 slot switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 7000 18 slot switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 7000 9 slot switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 7000 series switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus series switchesscope:eqversion:7000

Trust: 0.6

vendor:ciscomodel:nexusscope:eqversion:70000

Trust: 0.3

vendor:nx osmodel: - scope:eqversion:5.2

Trust: 0.2

vendor:nx osmodel: - scope:eqversion:6.1

Trust: 0.2

vendor:nexus 7000model: - scope:eqversion: -

Trust: 0.2

vendor:nexus 7000 10 slotmodel: - scope:eqversion: -

Trust: 0.2

vendor:nexus 7000 18 slotmodel: - scope:eqversion: -

Trust: 0.2

vendor:nexus 7000 9 slotmodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: 5ebcc28c-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-5244 // BID: 55600 // JVNDB: JVNDB-2012-004398 // CNNVD: CNNVD-201209-348 // NVD: CVE-2012-3051

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3051
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-3051
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201209-348
value: MEDIUM

Trust: 0.6

IVD: 5ebcc28c-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-56332
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-3051
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 5ebcc28c-2353-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-56332
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 5ebcc28c-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-56332 // JVNDB: JVNDB-2012-004398 // CNNVD: CNNVD-201209-348 // NVD: CVE-2012-3051

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-3051

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201209-348

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201209-348

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-004398

PATCH
title:Cisco Nexus 7000 Series NX-OS Release Notes, Release 5.2url:http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/release/notes/52_nx-os_release_note.html
Trust: 0.8
title:Patch for Cisco NX-OS ARP Packet Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/22554
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-5244 // 
            
            
            
            JVNDB: JVNDB-2012-004398

EXTERNAL IDS
db:NVDid:CVE-2012-3051
Trust: 3.6
db:BIDid:55600
Trust: 1.4
db:SECUNIAid:50671
Trust: 1.2
db:CNVDid:CNVD-2012-5244
Trust: 0.8
db:CNNVDid:CNNVD-201209-348
Trust: 0.8
db:JVNDBid:JVNDB-2012-004398
Trust: 0.8
db:NSFOCUSid:20817
Trust: 0.6
db:IVDid:5EBCC28C-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-56332
Trust: 0.1
db:PACKETSTORMid:116679
Trust: 0.1
sources:
            
            
            IVD: 5ebcc28c-2353-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2012-5244 // 
            
            
            
            VULHUB: VHN-56332 // 
            
            
            
            BID: 55600 // 
            
            
            
            JVNDB: JVNDB-2012-004398 // 
            
            
            
            PACKETSTORM: 116679 // 
            
            
            
            CNNVD: CNNVD-201209-348 // 
            
            
            
            NVD: CVE-2012-3051

REFERENCES
url:http://www.cisco.com/en/us/docs/switches/datacenter/sw/5_x/nx-os/release/notes/52_nx-os_release_note.html
Trust: 2.3
url:http://www.securityfocus.com/bid/55600
Trust: 1.1
url:http://secunia.com/advisories/50671
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3051
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3051
Trust: 0.8
url:http://www.nsfocus.net/vulndb/20817
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/docs/switches/datacenter/sw/5_x/nx-os/release/notes/52_nx-os_release_note.html#wp402884
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=50671
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/advisories/50671/#comments
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/blog/325/
Trust: 0.1
url:http://secunia.com/advisories/50671/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2012-5244 // 
            
            
            
            VULHUB: VHN-56332 // 
            
            
            
            BID: 55600 // 
            
            
            
            JVNDB: JVNDB-2012-004398 // 
            
            
            
            PACKETSTORM: 116679 // 
            
            
            
            CNNVD: CNNVD-201209-348 // 
            
            
            
            NVD: CVE-2012-3051

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 55600

SOURCES
db:IVDid:5ebcc28c-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-5244
db:VULHUBid:VHN-56332
db:BIDid:55600
db:JVNDBid:JVNDB-2012-004398
db:PACKETSTORMid:116679
db:CNNVDid:CNNVD-201209-348
db:NVDid:CVE-2012-3051

LAST UPDATE DATE
2024-11-23T22:14:00.433000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-5244date:2012-09-19T00:00:00
db:VULHUBid:VHN-56332date:2013-03-22T00:00:00
db:BIDid:55600date:2012-09-19T00:00:00
db:JVNDBid:JVNDB-2012-004398date:2012-09-18T00:00:00
db:CNNVDid:CNNVD-201209-348date:2012-09-19T00:00:00
db:NVDid:CVE-2012-3051date:2024-11-21T01:40:10.157

SOURCES RELEASE DATE
db:IVDid:5ebcc28c-2353-11e6-abef-000c29c66e3ddate:2012-09-19T00:00:00
db:CNVDid:CNVD-2012-5244date:2012-09-19T00:00:00
db:VULHUBid:VHN-56332date:2012-09-16T00:00:00
db:BIDid:55600date:2012-09-19T00:00:00
db:JVNDBid:JVNDB-2012-004398date:2012-09-18T00:00:00
db:PACKETSTORMid:116679date:2012-09-19T05:57:27
db:CNNVDid:CNNVD-201209-348date:2012-09-19T00:00:00
db:NVDid:CVE-2012-3051date:2012-09-16T10:34:50.427