CVE-2016-1453

CRITICAL

Cisco NX-OS 5.0-7.3 - Remote Code Execution via OTV GRE Packet Header

Title source: llm
STIX 2.1

Description

Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701.

References (3)

Core 3
Core References
Mitigation, Vendor Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-otv
Not Applicable, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93409
Not Applicable, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036946

Scores

CVSS v3 9.8
EPSS 0.0807
EPSS Percentile 94.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (46)
cisco/nx-os 4.1.\(2\)
cisco/nx-os 4.1.\(3\)
cisco/nx-os 4.1.\(4\)
cisco/nx-os 4.1.\(5\)
cisco/nx-os 4.2\(3\)
cisco/nx-os 4.2\(4\)
cisco/nx-os 4.2\(6\)
cisco/nx-os 4.2\(8\)
cisco/nx-os 4.2.\(2a\)
cisco/nx-os 5.0\(2a\)
... and 36 more
Published Oct 06, 2016
Tracked Since Feb 18, 2026