PT-2015-7159 · Cisco · Cisco Nx-Os+1

Published: 2015-09-16 · Updated: 2016-12-29 · CVE-2015-6295

CVSS v2.0: 4.8 (Medium)

Vector: AV:A/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Cisco NX-OS versions 6.1(2)I3(4) through 7.0(3)I1(1)

Description

A vulnerability exists in the handling of incoming Layer 2 packets tagged with a reserved VLAN number, allowing an unauthenticated, adjacent attacker to cause a partial denial of service (DoS) condition due to increased CPU utilization and possible control plane instability. Additionally, Layer 2 packets that should be dropped by the switch may be incorrectly forwarded to connected interfaces. The issue is due to a lack of validation of the VLAN number in the Layer 2 packet. An attacker could exploit this by sending a crafted Layer 2 packet tagged with a reserved VLAN number. To exploit the vulnerability, an attacker would need access to the local network.

Recommendations

For Cisco NX-OS versions 6.1(2)I3(4) through 7.0(3)I1(1), consider restricting access to the local network to minimize the risk of exploitation, as updates are not currently available. As a temporary workaround, consider implementing additional network segmentation or access controls to reduce the potential for exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
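
Since no fixed version is listed, one compensating control is to watch capture data from the affected segment for frames tagged with a reserved VLAN number. The following is an added example, not part of the original advisory or any Cisco code: it parses 802.1Q tags from raw Ethernet frames and reports reserved VLAN IDs. The reserved range and the sample frames are assumptions constructed for illustration; set the range to the one documented for your platform.

```python
import struct

TPID_8021Q = 0x8100   # C-tag
TPID_8021AD = 0x88A8  # S-tag (QinQ outer tag)

# Assumption: 4095 is reserved by IEEE 802.1Q; 3968-4094 is a placeholder for
# the switch's internally reserved block. Replace with your platform's range.
RESERVED_VIDS = frozenset(range(3968, 4096))

def vlan_ids(frame: bytes) -> list[int]:
    """Return the VLAN ID of every stacked tag in a frame, outermost first."""
    vids = []
    offset = 12  # skip destination and source MAC addresses
    while len(frame) >= offset + 4:  # truncated frames simply yield no tag
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in (TPID_8021Q, TPID_8021AD):
            break
        vids.append(tci & 0x0FFF)  # VID is the low 12 bits of the TCI
        offset += 4
    return vids

def reserved_tags(frame: bytes, reserved=RESERVED_VIDS) -> list[int]:
    """VLAN IDs in the frame (any tag depth) that fall in the reserved set."""
    return [vid for vid in vlan_ids(frame) if vid in reserved]

def make_frame(*vids: int, pcp: int = 0) -> bytes:
    """Build a constructed sample frame with the given stack of VLAN tags."""
    macs = bytes.fromhex("ffffffffffff" "020000000001")
    tags = b"".join(struct.pack("!HH", TPID_8021Q, (pcp << 13) | v) for v in vids)
    return macs + tags + struct.pack("!H", 0x0800) + b"\x00" * 46

# Constructed sample input standing in for frames read from a capture.
SAMPLES = {
    "untagged": make_frame(),
    "vlan 10": make_frame(10),
    "vlan 4000": make_frame(4000, pcp=5),
    "10 over 4095": make_frame(10, 4095),
}

def scan(samples=SAMPLES) -> dict[str, list[int]]:
    """Map each sample name to its reserved VLAN IDs, omitting clean frames."""
    hits = {name: reserved_tags(frame) for name, frame in samples.items()}
    return {name: vids for name, vids in hits.items() if vids}

if __name__ == "__main__":
    for name, vids in scan().items():
        print(f"{name}: reserved VLAN tag(s) {vids}")
```

The parser walks stacked tags, so a reserved ID hidden behind an ordinary outer tag is still reported.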

DoS


Weakness Enumeration

Related Identifiers

CVE-2015-6295

Affected Products

Cisco Nx-Os
Cisco Nexus