PT-2015-2243 · Cisco · Cisco Nexus 4000
Published 2015-08-14 · Updated 2017-09-20 · CVE-2015-4323
CVSS v2.0: 6.1 (Medium)
Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Cisco NX-OS versions 4.1(2)E1(1b) through 7.3(0)ZN(0.9)
Cisco Nexus 1000V devices for VMware vSphere version 7.3(0)ZN(0.9)
Cisco Nexus 3000 devices versions 6.0(2)U5(1.41) through 7.3(0)ZN(0.83)
Cisco Nexus 4000 devices version 4.1(2)E1(1b)
Cisco Nexus 7000 devices version 6.2(14)S1
Cisco Nexus 9000 devices version 7.3(0)ZN(0.9)
MDS 9000 devices versions 6.2(13) through 7.1(0)ZN(91.99)
MDS SAN-OS version 7.1(0)ZN(91.99)
Description
The issue is a buffer overflow in Cisco NX-OS caused by improper validation of the ARP packet and the maximum transmission unit (MTU) size. An unauthenticated, adjacent attacker could cause a denial of service (DoS) condition by sending a crafted ARP packet to the device, resulting in the device becoming unavailable. The attacker must be on the same broadcast or collision domain as the affected device to exploit this vulnerability.
Recommendations
For Cisco NX-OS versions 4.1(2)E1(1b) through 7.3(0)ZN(0.9), consider disabling the ARP input packet processing until a patch is available.
For Cisco Nexus 1000V devices for VMware vSphere version 7.3(0)ZN(0.9), restrict access to the ARP module to minimize the risk of exploitation.
For Cisco Nexus 3000 devices versions 6.0(2)U5(1.41) through 7.3(0)ZN(0.83), avoid using the ARP protocol in the affected API endpoint until the issue is resolved.
For Cisco Nexus 4000 devices version 4.1(2)E1(1b), Cisco Nexus 7000 devices version 6.2(14)S1, Cisco Nexus 9000 devices version 7.3(0)ZN(0.9), MDS 9000 devices versions 6.2(13) through 7.1(0)ZN(91.99), and MDS SAN-OS version 7.1(0)ZN(91.99), temporarily disable the ARP function until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Buffer Overflow
Affected Products
Cisco NX-OS
Cisco Nexus
Cisco Nexus 1000V
Cisco Nexus 3000
Cisco Nexus 4000
Cisco Nexus 7000
Cisco Nexus 9000
MDS 9000
MDS SAN-OS
VMware vSphere