PT-2013-2946 · Cisco · Nexus 5500+10

Published 2013-04-24 · Updated 2013-04-25 · CVE-2013-1178

CVSS v2.0: 8.3 High

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco NX-OS versions 4.x through 5.2(3) on Nexus 7000 devices
Cisco NX-OS versions 4.x through 5.1(3)N1(1) on Nexus 5000 and 5500 devices
Cisco NX-OS versions prior to 4.1(2)E1(1h) on Nexus 4000 devices
Cisco NX-OS versions 5.x prior to 5.0(3)U3(1) on Nexus 3000 devices
Cisco NX-OS versions 4.x prior to 4.2(1)SV1(5.1) on Nexus 1000V devices
Cisco NX-OS versions 4.x through 5.2(3) on MDS 9000 devices
Cisco UCS versions prior to 2.0(2m) on 6100 and 6200 devices
Cisco CGR 1000 versions prior to CG4(1)

Description

Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS allow remote attackers to execute arbitrary code via malformed CDP packets. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations

For Nexus 7000 devices running versions 4.x through 5.2(3), update to version 5.2(4) or later.
For Nexus 5000 and 5500 devices running versions 4.x through 5.1(3)N1(1), update to version 5.1(3)N1(1) or later.
For Nexus 4000 devices running versions prior to 4.1(2)E1(1h), update to version 4.1(2)E1(1h) or later.
For Nexus 3000 devices running versions 5.x prior to 5.0(3)U3(1), update to version 5.0(3)U3(1) or later.
For Nexus 1000V devices running versions 4.x prior to 4.2(1)SV1(5.1), update to version 4.2(1)SV1(5.1) or later.
For MDS 9000 devices running versions 4.x through 5.2(3), update to version 5.2(4) or later.
For Cisco UCS 6100 and 6200 devices running versions prior to 2.0(2m), update to version 2.0(2m) or later.
For Cisco CGR 1000 devices running versions prior to CG4(1), update to version CG4(1) or later.

Fix

RCE

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2013-1178

Affected Products

CGR 1000
Cisco NX-OS
Cisco Nexus
Cisco UCS
MDS 9000
Nexus 1000V
Nexus 3000
Nexus 4000
Nexus 5000
Nexus 5500
Nexus 7000