CVE-2015-6277Cisco 1000v vulnerability

CWE-3994 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 39.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco 1000vCisco Nx-osCisco San-os
Timeline
PublishedSep 2
Latest updateMay 17

Description

The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote attackers to cause a denial of service (ARP process restart) via crafted packet-header fields, aka Bug ID CSCut25292.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 6.5 | Impact: 6.9

Affected Packages3 packages

NVDcisco/1000v5.2\(1\)sv3\(1.4\)
NVDcisco/nx-os4 versions+3
NVDcisco/san-os7.0\(0\)hsk\(0.353\)

🔴Vulnerability Details

2
GHSA
GHSA-mgmf-hg59-85fw: The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 52022-05-17
CVEList
CVE-2015-6277: The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 52015-09-02

📋Vendor Advisories

1
Cisco
Cisco NX-OS Malformed ARP Header Denial of Service Vulnerability2015-09-01
CVE-2015-6277 — Cisco 1000v vulnerability | cvebase