CVE-2016-1453

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 06-10-2016 12:59

Last modified: - 05-06-2022 05:28

Total changes: - 4

Description

Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

9.8

Base score

3.9

5.9

Exploitability score

Impact score

Verification logic

vendor=cisco AND product=nx-os AND version=6.2\(2a\)

vendor=cisco AND product=nx-os AND version=6.1\(3\)

vendor=cisco AND product=nx-os AND version=5.1\(6\)

vendor=cisco AND product=nx-os AND version=5.2\(1\)

vendor=cisco AND product=nx-os AND version=6.2\(12\)

vendor=cisco AND product=nx-os AND version=5.1\(4\)

vendor=cisco AND product=nx-os AND version=6.2\(6b\)

vendor=cisco AND product=nx-os AND version=4.1.\(2\)

vendor=cisco AND product=nx-os AND version=5.1\(5\)

vendor=cisco AND product=nx-os AND version=6.0\(3\)

vendor=cisco AND product=nx-os AND version=4.1.\(3\)

vendor=cisco AND product=nx-os AND version=6.1\(4\)

vendor=cisco AND product=nx-os AND version=4.2.\(2a\)

vendor=cisco AND product=nx-os AND version=5.1\(3\)

vendor=cisco AND product=nx-os AND version=7.2\(0\)n1\(0.1\)

vendor=cisco AND product=nx-os AND version=5.0\(5\)

vendor=cisco AND product=nx-os AND version=6.0\(2\)

vendor=cisco AND product=nx-os AND version=4.2\(4\)

vendor=cisco AND product=nx-os AND version=5.2\(9\)

vendor=cisco AND product=nx-os AND version=6.2\(8a\)

vendor=cisco AND product=nx-os AND version=5.2\(4\)

vendor=cisco AND product=nx-os AND version=6.2\(10\)

vendor=cisco AND product=nx-os AND version=4.1.\(5\)

vendor=cisco AND product=nx-os AND version=6.1\(4a\)

vendor=cisco AND product=nx-os AND version=4.2\(3\)

vendor=cisco AND product=nx-os AND version=4.2\(8\)

vendor=cisco AND product=nx-os AND version=5.2\(3a\)

vendor=cisco AND product=nx-os AND version=base

vendor=cisco AND product=nx-os AND version=5.2\(7\)

vendor=cisco AND product=nx-os AND version=6.2\(8b\)

vendor=cisco AND product=nx-os AND version=5.1\(1\)

vendor=cisco AND product=nx-os AND version=5.1\(1a\)

vendor=cisco AND product=nx-os AND version=6.1\(1\)

vendor=cisco AND product=nx-os AND version=6.2\(2\)

vendor=cisco AND product=nx-os AND version=6.2\(6\)

vendor=cisco AND product=nx-os AND version=6.0\(1\)

vendor=cisco AND product=nx-os AND version=6.1\(2\)

vendor=cisco AND product=nx-os AND version=6.2\(14\)s1

vendor=cisco AND product=nx-os AND version=6.1\(5\)

vendor=cisco AND product=nx-os AND version=5.2\(5\)

vendor=cisco AND product=nx-os AND version=6.2\(8\)

vendor=cisco AND product=nx-os AND version=5.0\(2a\)

vendor=cisco AND product=nx-os AND version=5.0\(3\)

vendor=cisco AND product=nx-os AND version=4.1.\(4\)

vendor=cisco AND product=nx-os AND version=6.0\(4\)

vendor=cisco AND product=nx-os AND version=4.2\(6\)

Reference

20161005 Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability-Mitigation, Vendor Advisory
93409-Not Applicable, Third Party Advisory, VDB Entry
1036946-Not Applicable, Third Party Advisory, VDB Entry

Keywords

CVE-2016-1453

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2016-1453

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures