Cisco NX-OS MTS Remote Denial of Service Vulnerability (CVE-2014-2201)
Release date:
Updated on:
Affected Systems:
Cisco NX-OS 4.2 (6)
Cisco NX-OS 4.2 (4)
Cisco NX-OS 4.2 (3)
Cisco NX-OS
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67578
CVE (CAN) ID: CVE-2014-2201
Cisco NX-OS is a data center-level operating system that represents a modular design, always-on and maintainability. Cisco NX-OS is able to divide OS and hardware resources into virtual environments that simulate virtual devices. Each VDC has its own software process, dedicated hardware resources (interfaces), and an independent management environment.
A security vulnerability exists in the Messaging Service (MTS) of Cisco NX-OS devices, and unauthenticated remote attackers can trigger denial of service, this vulnerability is caused by the indirect reference of a null pointer when the affected device is under heavy loads, which can cause a kernel crash.
<* Source: vendor
Link: http://secunia.com/advisories/58853/
Http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20140521-nxos) and patches for this:
Cisco-sa-20140521-nxos: Multiple Vulnerabilities in Cisco NX-OS-Based Products
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos
This article permanently updates the link address: