Vigil@nce - Cisco NX-OS: denial of service via HSRP Authentication
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send HSRP packets to Cisco NX-OS, in order to
trigger a denial of service.
– Impacted products: Cisco Nexus, NX-OS
– Severity: 2/4
– Creation date: 11/06/2014
DESCRIPTION OF THE VULNERABILITY
HSRP (Hot Standby Router Protocol) is used to
reconfigure the priority of routing.
However, an attacker can send malformed HSRP packets to bypass
the authentication and alter the HSRP state.
An attacker can therefore send HSRP packets to Cisco NX-OS, in
order to trigger a denial of service.
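A monitoring example for the HSRP traffic described above, added here and not taken from the Vigil@nce bulletin or from Cisco: it parses the HSRP version 0 message format from RFC 2281 and reports payloads that are malformed or that come from unexpected speakers. The router allowlist, the sample addresses and the function names are assumptions, and it is not a signature for this specific flaw, whose packet details the bulletin does not give.

```python
import struct

# HSRP version 0 message layout from RFC 2281: 20-byte payload on UDP port 1985.
HSRP_MSG = struct.Struct("!8B8s4s")
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}

# Assumption: addresses of the routers expected to speak HSRP on this segment.
KNOWN_ROUTERS = frozenset({"192.0.2.2", "192.0.2.3"})


def check_hsrp(src_ip, payload, known=KNOWN_ROUTERS):
    """Return findings for one UDP/1985 payload; an empty list means nothing to report."""
    if len(payload) != HSRP_MSG.size:
        return [f"{src_ip}: malformed HSRP payload, {len(payload)} bytes instead of {HSRP_MSG.size}"]
    version, opcode, state, _hello, _hold, priority, group, _rsvd, _auth, _vip = HSRP_MSG.unpack(payload)
    findings = []
    if version != 0 or opcode not in OPCODES or state not in STATES:
        findings.append(f"{src_ip}: undefined version/opcode/state {version}/{opcode}/{state}")
    if src_ip not in known:
        findings.append(f"{src_ip}: unexpected HSRP speaker (group {group}, priority {priority})")
        if opcode in (1, 2) or state == 16:
            findings.append(f"{src_ip}: unexpected speaker sent Coup/Resign or claims Active state")
    return findings


def sample(opcode, state, priority):
    """Build a constructed HSRP message for group 1 with the RFC 2281 default auth data."""
    return HSRP_MSG.pack(0, opcode, state, 3, 10, priority, 1, 0, b"cisco\0\0\0", bytes([192, 0, 2, 1]))


if __name__ == "__main__":
    # Constructed traffic: a legitimate hello, a coup from an unknown host, a truncated payload.
    for src, data in [("192.0.2.2", sample(0, 16, 110)),
                      ("192.0.2.66", sample(1, 4, 255)),
                      ("192.0.2.66", sample(0, 16, 255)[:12])]:
        for finding in check_hsrp(src, data) or [f"{src}: ok"]:
            print(finding)
```

The example covers only the RFC 2281 message format; HSRP version 2 uses a different encoding and would need its own parser.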
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-NX-OS-denial-of-service-via-HSRP-Authentication-14882