Cisco Nexus 7000 Frame Forwarding Loop Denial of Service Vulnerability

Summary

• Cisco NX-OS Software running on Nexus 7000 Series Switches contains a vulnerability that could allow an unauthenticated, remote attacker with access to an adjacent network to cause a denial of service (DoS) condition.
  
  The vulnerability is due to mishandling of a specific type of nonstandard Ethernet frame by the affected software. An unauthenticated, remote attacker with access to an adjacent network could exploit the vulnerability by sending an unspecified crafted nonstandard Ethernet frame to a targeted device. A successful exploit could allow the attacker to cause a frame forwarding loop, resulting in a DoS condition.
  
  Cisco has confirmed the vulnerability in a security notice and has released software updates.
  
  Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
  
  To exploit this vulnerability, an attacker may require access to trusted, internal networks to send crafted requests to the affected software. This access requirement could limit the likelihood of a successful exploit.

Affected Products

• Cisco has released a security notice for bug ID CSCug47098 at the following link: CVE-2013-1226

  Vulnerable Products

  At the time this alert was first published, the following versions of Cisco NX-OS Software were vulnerable when running on the Nexus 7000 Series Switch:
  

  4.1, 4.1.(2), 4.1.(3), 4.1.(4), 4.1.(5), 4.2.(2a), 4.2(3), 4.2(4), 4.2(6), 4.2(8), 5.0(2a), 5.0(3), 5.0(5), 5.1(1), 5.1(1a), 5.1(3), 5.1(4), 5.1(5), 5.1(6), 5.2(1), 5.2(3a), 5.2(4), 5.2(5), 5.2(7), 5.2(9), 6.0(1), 6.0(2), 6.0(3), 6.0(4), 6.1(1), 6.1(2), 6.1(3)
  

  Later versions of Cisco NX-OS Software may also be affected.

  Products Confirmed Not Vulnerable

  No other Cisco products are currently known to be affected by these vulnerabilities.

Workarounds

• Administrators are advised to apply the appropriate updates.
  
  Administrators are advised to allow only trusted users to have network access.
  
  Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
  
  Understanding activity on the network provides information and visibility that can be used to identify potential security incidents. Organizations should log events from devices and review the logged data to provide insight into anomalies or malicious activity. For logging best practices, consult Cisco Guide to Harden Cisco IOS Devices.
  
  Network traffic should be monitored for security-related network activity. NetFlow identifies security-related network activity. For NetFlow configuration details, consult Introduction to Cisco IOS NetFlow - A Technical Overview.
  
  Administrators are advised to monitor affected systems.
  

Fixed Software

• Cisco customers with active contracts can obtain updates through the Software Center at the following link: Cisco. Cisco customers without contracts can obtain upgrades by contacting the Cisco Technical Assistance Center at 1-800-553-2447 or 1-408-526-7209 or via e-mail at tac@cisco.com

Exploitation and Public Announcements

• The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

URL

• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20130429-CVE-2013-1226

Revision History

• Version	Description	Section	Status	Date
  1.0	Initial Release	NA	Final	2013-Apr-29

  Show Less