CVE-2017-3875

Name of the Vulnerable Software and Affected Versions Cisco Nexus 7000 Series Switches versions 5.2(4) through 7.3(0)ZN(0.161) Cisco Nexus 7000 Series Switches versions 6.1(3)S5 through 6.1(3)S6 Cisco Nexus 7000 Series Switches versions 6.2(1.121)S0 through 7.2(1)D1(1) Cisco Nexus 7000 Series Switches version 7.3(1)N1(0.1)

Description The issue is due to insufficient input validation in access-control filtering mechanisms, allowing an unauthenticated, remote attacker to bypass defined traffic configured within an access control list (ACL) on the affected system. This can be exploited by issuing crafted commands for which a particular ACL would not match defined traffic, potentially allowing the attacker to bypass certain rulesets defined on a Network Time Protocol (NTP) ACL.

Recommendations For versions 5.2(4) through 7.3(0)ZN(0.161), update to version 7.3(0)D1(1) or later. For versions 6.1(3)S5 through 6.1(3)S6, update to version 6.1(5) or later. For versions 6.2(1.121)S0 through 7.2(1)D1(1), update to version 6.2(2) or later. For version 7.3(1)N1(0.1), update to version 7.3(1)N1(1) or later. As a temporary workaround, consider restricting access to the vulnerable ACL mechanisms until a patch is available.