CVE-2013-1209

Published: May 29, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via crafted packets, aka Bug ID CSCud14710.

Affected (1)

Products: Cisco: Nx Os

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	All versions

Running on/with	Platform Versions
Cisco Nexus 1000v	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1209

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1209

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.