[c-nsp] Cisco Security Advisory: Cisco Nexus 1000V Series Switch Software Release 4.2(1)SV1(5.2) Virtual Security Gateway Bypass Issue

Nick Hilliard nick at foobar.org
Wed Nov 7 12:09:02 EST 2012


On 07/11/2012 16:11, Cisco Systems Product Security Incident Response Team
> After the software upgrade, a bug in Software Release 4.2(1)SV1(5.2)
> could cause all the virtual Ethernet ports on the Virtual Ethernet
> Modules (VEM) of the Cisco Nexus 1000V Series Switch to stay in
> No-Policy pass-through mode because a valid VSG license is not
> actively installed. As a result, the VEMs no longer use a configured
> Cisco VSG; therefore, the virtual machines (VM) are not firewalled and
> traffic is not inspected by the VSG.

And once again, licensing mechanisms demonstrate catastrophic failure modes
due to ill-thought-out license expiry mechanisms.

Nick,
not a fan of licenses with built-in expiry dates


