Release date:
Updated on: 2013-01-23
Affected Systems:
Cisco NX-OS
Cisco Nexus 7000
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57482
CVE (CAN) ID: CVE-2012-6396
Cisco NX-OS is a data center-level operating system that represents a modular design, always-on and maintainability.
A denial of service vulnerability exists when Cisco Nexus 7000 series switches running NX-OS do not properly handle some line-card replacement events. Remote authenticated attackers construct a configuration to make the affected module reference interfaces that do not exist on the new card, resulting in a large amount of memory and system resource consumption of the affected device and DOS.
<* Source: vendor
Link: http://web.nvd.nist.gov/view/vuln/detail? VulnId = CVE-2012-6396
Http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6396
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (CVE-2012-6396) and patches for this:
CVE-2012-6396: Cisco Nexus 7000 Denial of Service Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6396