CVE-2016-1453
CRITICALCisco NX-OS 5.0-7.3 - Remote Code Execution via OTV GRE Packet Header
Title source: llmDescription
Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701.
References (3)
Core 3
Core References
Mitigation, Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-otv
Not Applicable, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93409
Not Applicable, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036946
Scores
CVSS v3
9.8
EPSS
0.0807
EPSS Percentile
94.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (46)
cisco/nx-os
4.1.\(2\)
cisco/nx-os
4.1.\(3\)
cisco/nx-os
4.1.\(4\)
cisco/nx-os
4.1.\(5\)
cisco/nx-os
4.2\(3\)
cisco/nx-os
4.2\(4\)
cisco/nx-os
4.2\(6\)
cisco/nx-os
4.2\(8\)
cisco/nx-os
4.2.\(2a\)
cisco/nx-os
5.0\(2a\)
... and 36 more
Published
Oct 06, 2016
Tracked Since
Feb 18, 2026