
Cisco Security Advisory 20121107-n1k

Posted Nov 8, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco Product Security Incident Response Team (PSIRT) would like to notify customers of an issue that may impact their network security posture when upgrading the Cisco Nexus 1000V Series Switches to Software Release 4.2(1)SV1(5.2) with deployments that have Cisco Virtual Security Gateway (VSG) integration. This issue will manifest itself when administrators perform an in-service software upgrade to Software Release 4.2(1)SV1(5.2) from Software Release 4.2(1)SV1(5.1a) or earlier. After the software upgrade, a bug in Software Release 4.2(1)SV1(5.2) could cause all the virtual Ethernet ports on the Virtual Ethernet Modules (VEM) of the Cisco Nexus 1000V Series Switch to stay in No-Policy pass-through mode because a valid VSG license is not actively installed. As a result, the VEMs no longer use a configured Cisco VSG; therefore, the virtual machines (VM) are not firewalled and traffic is not inspected by the VSG.

tags | advisory
systems | cisco
MD5 | dd2e5cacb66b3e84a003ebda11bec3c2


Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2)
Virtual Security Gateway Bypass Issue

Document ID: cisco-sr-20121107-n1k

Revision 1.0

For Public Release 2012 November 7 16:00 UTC (GMT)
----------------------------------------------------------------------

Cisco Response
==============

The Cisco Product Security Incident Response Team (PSIRT) would like
to notify customers of an issue that may impact their network security
posture when upgrading the Cisco Nexus 1000V Series Switches to
Software Release 4.2(1)SV1(5.2) with deployments that have Cisco
Virtual Security Gateway (VSG) integration. This issue will manifest
itself when administrators perform an in-service software upgrade to
Software Release 4.2(1)SV1(5.2) from Software Release 4.2(1)SV1(5.1a)
or earlier.

After the software upgrade, a bug in Software Release 4.2(1)SV1(5.2)
could cause all the virtual Ethernet ports on the Virtual Ethernet
Modules (VEM) of the Cisco Nexus 1000V Series Switch to stay in
No-Policy pass-through mode because a valid VSG license is not
actively installed. As a result, the VEMs no longer use a configured
Cisco VSG; therefore, the virtual machines (VM) are not firewalled and
traffic is not inspected by the VSG.

This software bug is documented in Cisco Bug ID CSCud01427 and a
software bulletin for Software Release 4.2(1)SV1(5.2) is in the
process of being published.

Additional Information
======================

This response is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20121107-n1k

