
Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability

cisco-sa-20161102-n9kapic · Medium · Published · Updated

A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of a type of Layer 2 control plane traffic. An attacker could exploit this vulnerability by sending crafted traffic to a host behind a leaf switch. An exploit could allow the attacker to cause a DoS condition on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic

Workarounds

There are no workarounds that address this vulnerability. However, administrators may disable the ARP flood mode or unicast routing of the bridge domain by issuing the following commands on the APIC command-line interface (CLI):

apic1#
apic1# configure
apic1(config)# tenant t1
apic1(config-tenant)# bridge-domain 10
apic1(config-tenant-bd)# no arp flooding
apic1(config-tenant-bd)# no unicast routing
apic1(config-tenant-bd)# end
apic1#

CVEs: CVE-2016-6457
Cisco Bug IDs: CSCuy93241
CVSS Score: Base 6.1
CVSS Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
Product Names From Source: Cisco Application Policy Infrastructure Controller (APIC)

Related Products

Product | CVE | Evidence
Cisco RV Series Routers | CVE-2016-6457 | Cisco OpenVuln
Cisco Nexus Dashboard | CVE-2016-6457 | Cisco OpenVuln
Cisco Nexus 9000 Series Switches | CVE-2016-6457 | Cisco OpenVuln
Cisco Application Policy Infrastructure Controller (APIC) | CVE-2016-6457 | Cisco OpenVuln