 |
|
|
|
Cisco Nexus switches protection bypass
updated since 13.09.2011 | | Published: |  | 31.10.2011 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 11907 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | It's possible to bypass ACL limitation. Local code execution. |
| Affected: |  | CISCO : Cisco MDS 9000 | | | | CISCO : Cisco Nexus 5000 | | | | CISCO : Cisco Nexus 7000 | | | | CISCO : Cisco Nexus 3000 | | | | CISCO : Cisco Nexus 2000 | | | | CISCO : Cisco Nexus 4000 | | CVE: |  | CVE-2011-2581 (The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490.) | | | | CVE-2011-2569 (Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188.) |
|
|
|
|
|
|
|
|
