CVE-2013-1212

Name of the Vulnerable Software and Affected Versions Cisco Nexus 1000V (affected versions not specified)

Description The SSL functionality in Cisco NX-OS does not properly verify X.509 certificates, allowing man-in-the-middle attackers to spoof servers and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication via a crafted certificate. This vulnerability enables attackers to eavesdrop on communications and inject modified or arbitrary data. The issue is due to improper verification of SSL security certificates by the VSM. To exploit this, an attacker would likely need access to a trusted internal network and the communication path between the VSM and vCenter server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.