Vulnerability in Cisco Nexus_3000

CVE-2011-2581

The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, w…

EPSS: 0.002 (43.2th percentile) — read the EPSS interpretation.

Affected products

Cisco Nexus_3000
Cisco Nexus_5000
Cisco Nx-os — versions 5.0\(2\), 5.0\(3\)n1\(1\), 5.0\(3\)n1\(1a\)
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

1026019 (vdb-entry, x_refsource_SECTRACK)
20110907 Cisco Nexus 5000 and 3000 Series Switches Access Control List Bypass Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
45883 (x_refsource_SECUNIA, third-party-advisory)