Auth bypass in Cisco Nexus_1000v

CVE-2013-1211

Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (…

Vulnerability class: Broken Authentication

EPSS: 0.004 (58.0th percentile) — read the EPSS interpretation.

Affected products

Cisco Nexus_1000v
Cisco Nx-os
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

20130528 Cisco Nexus 1000V Insufficient VSM/VEM Authentication (x_refsource_CISCO, vendor-advisory, Vendor Advisory)