CVE-2013-1208

Name of the Vulnerable Software and Affected Versions Cisco Nexus 1000V (affected versions not specified)

Description The encryption functionality in Cisco NX-OS does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication. This allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access. The issue is due to errors in the implementation of the cryptography employed for VSM to VEM communications. An attacker must have access to the Layer 2 management VLAN or the Layer 3 management traffic to exploit this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.