PT-2014-5223 · Cisco · Cisco Nx-Os, Cisco Nexus

Published: 2014-08-06 · Updated: 2017-08-29 · CVE-2014-3330

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco NX-OS version 6.1(2)I2(1)

Description

The issue is related to improper processing of packet-drop policy checks for logged packets, which allows remote attackers to bypass intended access restrictions by sending a flood of packets that match a policy containing the log keyword. The vulnerability is due to insufficient policy checks for logged packets, which could allow an unauthenticated, remote attacker to bypass access list restrictions for logged traffic. An exploit could allow the attacker to bypass the access control list for a small percentage of packets that would otherwise have been dropped.

Recommendations

For Cisco NX-OS version 6.1(2)I2(1), update to a newer version that includes the software updates that fix the vulnerability. As a temporary workaround, consider restricting access to the logging feature to minimize the risk of exploitation. Avoid using the log keyword in access list entries until the issue is resolved.
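
To apply the workaround above, it helps to know which access list entries carry the log keyword. The following is an added example, not part of the original advisory or Cisco's tooling: it scans saved NX-OS running-config text and lists those entries. The sample configuration, ACL names and the function name `find_logged_aces` are constructed for illustration.

```python
import re

# Constructed sample of NX-OS running-config text (not taken from the advisory).
SAMPLE_CONFIG = """\
ip access-list EDGE-IN
  10 remark drop and log telnet
  20 deny tcp any any eq 23 log
  30 permit tcp any 192.0.2.0/24 eq 443
  40 deny ip any any log
ipv6 access-list EDGE6-IN
  10 permit tcp any any eq 22 log
  20 deny ipv6 any any
interface Ethernet1/1
  ip access-group EDGE-IN in
"""

ACL_HEADER = re.compile(r"^(ip|ipv6|mac)\s+access-list\s+(\S+)\s*$")
# Only permit/deny rules are matched, so "remark" lines mentioning "log" are ignored.
ACL_ENTRY = re.compile(r"^\s+(?:(\d+)\s+)?(permit|deny)\s+(.*)$")


def find_logged_aces(config_text):
    """Return every permit/deny ACL entry that uses the `log` keyword."""
    findings = []
    current = None  # (family, name) of the ACL section being read
    for raw in config_text.splitlines():
        if not raw.strip():
            continue  # blank lines do not end a section
        header = ACL_HEADER.match(raw)
        if header:
            current = (header.group(1), header.group(2))
            continue
        if not raw.startswith((" ", "\t")):
            current = None  # any other top-level line closes the ACL section
            continue
        entry = ACL_ENTRY.match(raw) if current else None
        if entry and "log" in entry.group(3).split():
            findings.append({
                "family": current[0], "acl": current[1],
                "seq": int(entry.group(1)) if entry.group(1) else None,
                "action": entry.group(2), "rule": entry.group(3),
            })
    return findings


if __name__ == "__main__":
    for f in find_logged_aces(SAMPLE_CONFIG):
        # deny + log entries are the ones whose drops the advisory says can be bypassed
        flag = "REVIEW FIRST" if f["action"] == "deny" else "review"
        print(f'{flag}: {f["family"]} access-list {f["acl"]} seq {f["seq"]}: '
              f'{f["action"]} {f["rule"]}')
```
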

Fix


Weakness Enumeration

Related Identifiers

CVE-2014-3330

Affected Products

Cisco Nx-Os
Cisco Nexus