PT-2016-4813 · Vmware+1 · Esxi+2
Published: 2016-07-27 · Updated: 2017-09-01
CVE-2016-1465
CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Cisco Nexus 1000v Application Virtual Switch (AVS) versions prior to 5.2(1)SV3(1.5i)
Description
A denial of service issue exists due to insufficient input validation of Cisco Discovery Protocol packets, which could result in an out-of-bounds memory access and cause the ESXi hypervisor to crash, displaying a purple diagnostic screen. An attacker could exploit this by sending a crafted Cisco Discovery Protocol packet to a targeted device, resulting in a denial of service condition.
Recommendations
For versions prior to 5.2(1)SV3(1.5i), update to version 5.2(1)SV3(1.5i) or later to resolve the issue. As a temporary workaround, consider restricting access to the Cisco Discovery Protocol to minimize the risk of exploitation.
Fix
DoS
Affected Products
Cisco Nexus
Cisco Nexus 1000V Application Virtual Switch
Esxi