Auth bypass in Cisco Nexus_1000v

CVE-2013-1209

The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to…

Vulnerability class: Broken Authentication

EPSS: 0.001 (21.9th percentile) — read the EPSS interpretation.

Affected products

Cisco Nexus_1000v
Cisco Nx-os
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

20130528 Cisco Nexus 1000V VSM/VEM Communication Encryption Bypass Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)