First published: Sat May 24 2014(Updated: )
The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a large volume of crafted traffic, aka Bug ID CSCtw98915.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco NX-OS | =6.0\(1\) | |
Cisco Nexus 7000 | ||
Cisco Nexus 7000 | ||
Cisco Nexus 7000 | ||
Cisco Nexus 7000 9-Slot Firmware | ||
Cisco NX-OS | <=6.2\(5a\) | |
Cisco NX-OS | =6.2\(1\) | |
Cisco NX-OS | =6.2\(1n\) | |
Cisco NX-OS | =6.2\(3\) | |
Cisco NX-OS | =6.2\(3n\) | |
Cisco NX-OS | =6.2\(5\) | |
Cisco MDS 9000 Series Multilayer Switches | ||
Cisco MDS 9100 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-2201 has a high severity rating due to its potential to cause a denial of service on affected devices.
To fix CVE-2014-2201, upgrade to Cisco NX-OS version 6.2(7) or later on MDS 9000 devices and version 6.0(2) or later on Nexus 7000 devices.
CVE-2014-2201 affects Cisco NX-OS versions prior to 6.2(7) on MDS 9000 devices and versions prior to 6.0(2) on Nexus 7000 devices.
Yes, CVE-2014-2201 can be exploited remotely through crafted traffic that leads to a kernel panic.
If using affected Cisco products, it is critical to immediately apply recommended software updates to mitigate the risk associated with CVE-2014-2201.