PT-2013-2946 · Cisco · Nexus 5500+10
Publicado
2013-04-24
·
Atualizado
2013-04-25
·
CVE-2013-1178
CVSS v2.0
8.3
Alta
| Vetor | AV:A/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco NX-OS versions 4.x through 5.2(3) on Nexus 7000 devices
Cisco NX-OS versions 4.x through 5.1(3)N1(1) on Nexus 5000 and 5500 devices
Cisco NX-OS versions prior to 4.1(2)E1(1h) on Nexus 4000 devices
Cisco NX-OS versions 5.x prior to 5.0(3)U3(1) on Nexus 3000 devices
Cisco NX-OS versions 4.x prior to 4.2(1)SV1(5.1) on Nexus 1000V devices
Cisco NX-OS versions 4.x through 5.2(3) on MDS 9000 devices
Cisco UCS versions prior to 2.0(2m) on 6100 and 6200 devices
Cisco CGR 1000 versions prior to CG4(1)
Description
The issue is related to multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS. This allows remote attackers to execute arbitrary code via malformed CDP packets. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations
For Nexus 7000 devices running versions 4.x through 5.2(3), update to version 5.2(4) or later.
For Nexus 5000 and 5500 devices running versions 4.x through 5.1(3)N1(1), update to version 5.1(3)N1(1) or later.
For Nexus 4000 devices running versions prior to 4.1(2)E1(1h), update to version 4.1(2)E1(1h) or later.
For Nexus 3000 devices running versions 5.x prior to 5.0(3)U3(1), update to version 5.0(3)U3(1) or later.
For Nexus 1000V devices running versions 4.x prior to 4.2(1)SV1(5.1), update to version 4.2(1)SV1(5.1) or later.
For MDS 9000 devices running versions 4.x through 5.2(3), update to version 5.2(4) or later.
For Cisco UCS 6100 and 6200 devices running versions prior to 2.0(2m), update to version 2.0(2m) or later.
For Cisco CGR 1000 devices running versions prior to CG4(1), update to version CG4(1) or later.
Correção
RCE
DoS
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cgr 1000
Cisco Nx-Os
Cisco Nexus
Cisco Ucs
Mds 9000
Nexus 1000V
Nexus 3000
Nexus 4000
Nexus 5000
Nexus 5500
Nexus 7000