Details of VAR-201508-0492

ID

VAR-201508-0492

CVE

CVE-2015-4323

TITLE

plural Cisco Nexus Run on device Cisco NX-OS and MDS SAN-OS Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-004363

DESCRIPTION

Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices 7.3(0)ZN(0.9); and MDS 9000 devices 6.2 (13) and 7.1(0)ZN(91.99) and MDS SAN-OS 7.1(0)ZN(91.99) allows remote attackers to cause a denial of service (device outage) via a crafted ARP packet, related to incorrect MTU validation, aka Bug IDs CSCuv71933, CSCuv61341, CSCuv61321, CSCuu78074, CSCut37060, CSCuv61266, CSCuv61351, CSCuv61358, and CSCuv61366. Vendors have confirmed this vulnerability Bug ID CSCuv71933 , CSCuv61341 , CSCuv61321 , CSCuu78074 , CSCut37060 , CSCuv61266 , CSCuv61351 , CSCuv61358 ,and CSCuv61366 It is released as.Skillfully crafted by a third party ARP Service disruption via packets ( Stop device ) There is a possibility of being put into a state. Cisco NX-OS is a data center-class operating system from Cisco Systems, Inc. that embodies modular design, resiliency, and maintainability. Multiple Cisco Nexus Devices are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial of service condition, denying service to legitimate users. This issue is being tracked by Cisco bug IDs CSCuv71933, CSCuv61341, CSCuv61321, CSCuu78074, CSCut37060, CSCuv61266, CSCuv61351, CSCuv61358 and CSCuv61366. Cisco Nexus 1000V Switch for VMware vSphere, etc. Cisco Nexus 1000V Switch is a virtual switch product running on the virtual machine platform (VMware vSphere), 3000, 4000, 7000 and 9000 series switches. Cisco MDS SAN-OS Software is an operating system running on fiber optic switches. The vulnerability is caused by the program not correctly validating the ARP packet and maximum transmission unit (MTU) size. The following products and versions are affected: Cisco Nexus 1000V Switch for VMware vSphere version 7.3(0)ZN(0.9); Nexus 1000V Switch for Nexus 3000 Series version 7.3(0)ZN(0.83), version 7.0(3)I2(0.373) , 6.0(2)U5(1.41) version; Nexus 1000V Switch for Nexus 4000 Series 4.1(2)E1(1b) version; Nexus 1000V Switch for Nexus 7000 Series 6.2(14)S1 version; Nexus 1000V Switch for Nexus 9000 Series 7.3 (0)ZN(0.9) version; Cisco MDS 9000 NX-OS Software 6.2 (13) version, 7.1(0)ZN(91.99) Base version; Cisco MDS SAN-OS Software 7.1(0)ZN(91.99) Base version

Trust: 2.52

sources: NVD: CVE-2015-4323 // JVNDB: JVNDB-2015-004363 // CNVD: CNVD-2015-05682 // BID: 76367 // VULHUB: VHN-82284

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-05682

AFFECTED PRODUCTS

vendor:	cisco	model:	mds 9000 nx-os	scope:	eq	version:	6.2\(13\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3\(0\)zn\(0.9\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.0\(2\)u5\(1.41\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3\(0\)zn\(0.83\)	Trust: 1.6
vendor:	cisco	model:	mds 9000 nx-os	scope:	eq	version:	7.1\(0\)zn\(91.99\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.0\(3\)i2\(0.373\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1\(2\)e1\(1b\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.2\(14\)s1	Trust: 1.6
vendor:	cisco	model:	mds 9000 nx-os	scope:	eq	version:	6.2 (13)	Trust: 0.8
vendor:	cisco	model:	mds 9000 nx-os	scope:	eq	version:	7.1(0)zn(91.99) base	Trust: 0.8
vendor:	cisco	model:	mds san-os	scope:	eq	version:	7.1(0)zn(91.99) base	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	4.1(2)e1(1b) (cisco nexus 4000 series )	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.0(2)u5(1.41) (cisco nexus 3000 series )	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	6.2(14)s1 (cisco nexus 7000 series )	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.0(3)i2(0.373) (cisco nexus 3000 series )	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3(0)zn(0.83) (cisco nexus 3000 series )	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3(0)zn(0.9) (cisco nexus 9000 series /1000v switch for vmware vsphere)	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nexus switch for vmware vsphere 7.3 zn	scope:	eq	version:	1000v	Trust: 0.3
vendor:	cisco	model:	nexus switch for nexus series 7.3 zn	scope:	eq	version:	1000v9000	Trust: 0.3
vendor:	cisco	model:	nexus switch for nexus series 6.2 s1	scope:	eq	version:	1000v7000	Trust: 0.3
vendor:	cisco	model:	nexus switch for nexus series 4.1 e1	scope:	eq	version:	1000v4000	Trust: 0.3
vendor:	cisco	model:	nexus switch for nexus series 7.3 zn	scope:	eq	version:	1000v3000	Trust: 0.3
vendor:	cisco	model:	nexus switch for nexus series	scope:	eq	version:	1000v30007.0(3)	Trust: 0.3
vendor:	cisco	model:	nexus switch for nexus series 6.0 u5	scope:	eq	version:	1000v3000	Trust: 0.3
vendor:	cisco	model:	nexus switch for nexus series	scope:	eq	version:	1000v30002(0.373)	Trust: 0.3
vendor:	cisco	model:	mds san-os software 7.1 zn	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	mds nx-os 7.1 zn	scope:	eq	version:	9000	Trust: 0.3
vendor:	cisco	model:	mds nx-os	scope:	eq	version:	90006.2(13)	Trust: 0.3

sources: CNVD: CNVD-2015-05682 // BID: 76367 // JVNDB: JVNDB-2015-004363 // CNNVD: CNNVD-201508-361 // NVD: CVE-2015-4323

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4323
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4323
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-05682
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201508-361
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82284
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4323
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-05682
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-82284
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-05682 // VULHUB: VHN-82284 // JVNDB: JVNDB-2015-004363 // CNNVD: CNNVD-201508-361 // NVD: CVE-2015-4323

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-82284 // JVNDB: JVNDB-2015-004363 // NVD: CVE-2015-4323

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201508-361

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201508-361

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004363

PATCH

title:

40469

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=40469

Trust: 0.8

sources: JVNDB: JVNDB-2015-004363

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4323	Trust: 3.4
db:	BID	id:	76367	Trust: 2.6
db:	SECTRACK	id:	1033321	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-004363	Trust: 0.8
db:	CNNVD	id:	CNNVD-201508-361	Trust: 0.7
db:	CNVD	id:	CNVD-2015-05682	Trust: 0.6
db:	VULHUB	id:	VHN-82284	Trust: 0.1

sources: CNVD: CNVD-2015-05682 // VULHUB: VHN-82284 // BID: 76367 // JVNDB: JVNDB-2015-004363 // CNNVD: CNNVD-201508-361 // NVD: CVE-2015-4323

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=40469	Trust: 2.3
url:	http://www.securityfocus.com/bid/76367	Trust: 1.7
url:	http://www.securitytracker.com/id/1033321	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4323	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4323	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=40469	Trust: 0.3

sources: CNVD: CNVD-2015-05682 // VULHUB: VHN-82284 // BID: 76367 // JVNDB: JVNDB-2015-004363 // CNNVD: CNNVD-201508-361 // NVD: CVE-2015-4323

CREDITS

Cisco

Trust: 0.9

sources: BID: 76367 // CNNVD: CNNVD-201508-361

SOURCES

db:	CNVD	id:	CNVD-2015-05682
db:	VULHUB	id:	VHN-82284
db:	BID	id:	76367
db:	JVNDB	id:	JVNDB-2015-004363
db:	CNNVD	id:	CNNVD-201508-361
db:	NVD	id:	CVE-2015-4323

LAST UPDATE DATE

2024-11-23T22:18:22.923000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-05682	date:	2015-08-27T00:00:00
db:	VULHUB	id:	VHN-82284	date:	2017-09-20T00:00:00
db:	BID	id:	76367	date:	2015-08-14T00:00:00
db:	JVNDB	id:	JVNDB-2015-004363	date:	2015-08-25T00:00:00
db:	CNNVD	id:	CNNVD-201508-361	date:	2015-08-20T00:00:00
db:	NVD	id:	CVE-2015-4323	date:	2024-11-21T02:30:49.973

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-05682	date:	2015-08-27T00:00:00
db:	VULHUB	id:	VHN-82284	date:	2015-08-19T00:00:00
db:	BID	id:	76367	date:	2015-08-14T00:00:00
db:	JVNDB	id:	JVNDB-2015-004363	date:	2015-08-25T00:00:00
db:	CNNVD	id:	CNNVD-201508-361	date:	2015-08-19T00:00:00
db:	NVD	id:	CVE-2015-4323	date:	2015-08-19T23:59:02.590