CVE-2013-1209

Name of the Vulnerable Software and Affected Versions Cisco Nexus 1000V (affected versions not specified)

Description The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component does not properly authenticate VSM/VEM packets. This allows remote attackers to disable packet-level encryption and integrity protection via crafted packets. The vulnerability is due to insufficient authentication of VSM/VEM packets. An attacker could exploit this vulnerability by sending specially crafted packets to a vulnerable VSM or VEM. To exploit this vulnerability, the attacker would likely need access to a trusted, internal network to send specially crafted packets to a targeted device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.