PT-2014-3780 · Cisco · Cisco Nexus 1000V Intercloud
Published: 2014-05-06 · Updated: 2014-05-07 · CVE-2014-0685
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Nexus 1000V InterCloud versions 5.2(1)IC1(1.2) and earlier
Description
A remote attacker can bypass ACL deny statements via crafted IGMPv2 or IGMPv3 packets. The issue is due to a lack of IGMPv2 and IGMPv3 support in ACLs. An attacker could exploit this by sending certain IGMPv2 or IGMPv3 requests to an affected switch. The vulnerability does not affect IGMP version 1. To exploit this, an attacker may need access to trusted, internal networks to send IGMPv2 or IGMPv3 requests to a targeted device.
Recommendations
For Cisco Nexus 1000V InterCloud versions 5.2(1)IC1(1.2) and earlier, update to a newer version that includes the fix for this issue. As a temporary workaround, consider restricting access to the switch to minimize the risk of exploitation. Avoid using IGMPv2 and IGMPv3 protocols until the issue is resolved.
Affected Products
Cisco Nexus
Cisco Nexus 1000V Intercloud