HomePentest-Tools.com Logo

Cisco Nexus 1000v Application Virtual Switch Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability (cisco-sa-20160727-avs) CVE-2016-1465

Severity
CVSSv3 Score
6.5
Vulnerability description

A vulnerability in Cisco Discovery Protocol packet processing for the Cisco Nexus 1000v Application Virtual Switch (AVS) could allow an unauthenticated, remote attacker to cause the ESXi hypervisor to crash and display a purple diagnostic screen, resulting in a denial of service (DoS) condition.

Risk description

The vulnerability is due to insufficient input validation of Cisco Discovery Protocol packets, which could result in a crash of the ESXi hypervisor due to an out-of-bound memory access. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a targeted device. An exploit could allow the attacker to cause a DoS condition.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jul 28, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available