Symptom
The following Cisco Nexus products:
Nexus 5624 Switch
Nexus 5696 Switch
Nexus 5672 Switch
Nexus 56128 Switch
Nexus 5596T switch
Nexus 5596UP switch
Nexus 5548UP switch
Nexus 5548P switch
Nexus 2348UPQ FEX
Nexus 2348TQ FEX
Nexus 2248PQ FEX
Nexus 2232TM-E FEX
Nexus 2232TM FEX
Nexus 2232PP FEX
Nexus 2248TP-E FEX
Nexus 2248TP FEX
Nexus 2224TP FEX
Nexus 2148T FEX
Nexus B22 DELL FEX
Nexus B22 Fujitsu FEX
Nexus B22 HP FEX
Nexus B22 IBM FEX
include a version of glibc that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) ID:
CVE-2015-0235
This bug was opened to assess and address the potential impact on this product.
Conditions
Device with default configuration.
Further Problem Description
All previously released versions of NX-OS software are affected. The fix will be delivered for currently supported releases as follows:
5.2(1)N1(9)
6.0(2)N2(7)
7.0(6)N1(1)
7.1(1)N1(1)
7.2(0)N1(1)
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 10/7.8
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
