Main Vulnerability Database SB2016072804

SB2016072804 - Input validation flaw in processing CDP packets in Cisco Nexus 1000v Application Virtual Switch

Published: July 28, 2016 Updated: April 5, 2018

Security Bulletin ID SB2016072804

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation flaw in processing CDP packets (CVE-ID: CVE-2016-1465)

The vulnerability allows a remote attacker to cause denial of service conditions on the target system.

The vulnerability exists due to insufficient input validation of Cisco Discovery Protocol packets. A remote unauthenticated attacker can cause the ESXi hypervisor to crash and display a purple diagnostic screen by sending a crafted Cisco Discovery Protocol packet to a targeted device.

Successful exploitation of this vulnerability may result in denial of service condition.

Remediation

Install update from vendor's website.

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160727-avs