A vulnerability in the USB driver for Cisco Nexus 5000 Series Switches could allow an unauthenticated, local attacker to cause a denial of service (DoS) condition due to a kernel crash.

The vulnerability is due to insufficient handling of USB input parameters. An attacker could exploit this vulnerability by sending crafted USB parameters to be processed by the kernel of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

Cisco has not released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-nexus

Leave a Reply