I was somewhat surprised to see this kind of vulnerability popping up in Cisco’s dedicated datacentre range.
“A vulnerability exists in Cisco Nexus 5000 and 3000 Series Switches that may allow traffic to bypass deny statements in access control lists (ACLs) that are configured on the device. ”
“Cisco Nexus 5000 and 3000 Series Switches are affected by this vulnerability when a remark is configured before a deny statement on an ACL.”
After a quick and dirty audit in the last hour or so I’ve found numerous examples of customers with this version and ACLs with remarks in them. The official Cisco release can be found here.
All Cisco Nexus 5000 NX-OS Software Releases 5.0(2) and 5.0(3) prior to 5.0(3)N2(1) are affected by this vulnerability.
Note: Cisco Nexus 5000 NX-OS Software Releases 4.x are not affected by this vulnerability.
All Cisco Nexus 3000 NX-OS Software Releases prior to 5.0(3)U1(2a) or 5.0(3)U2(1) are affected by this vulnerability.
Happily my infrastructure has N5Ks with 4.x code, but I still did a quick check on them to calm my beating heart. This kinda of serious vulnerability in NX-OS highlights that it is a very young piece of code that needs some extra scrutiny before release.
Good luck to all