CVE-2014-3261

Name of the Vulnerable Software and Affected Versions Cisco NX-OS versions 1.4 through 1.4(1i) Cisco NX-OS versions 5.0 through 5.0(3)U2(2) on Nexus 3000 devices Cisco NX-OS versions 4.1 through 4.1(2)E1(1l) on Nexus 4000 devices Cisco NX-OS versions 5.x through 5.1(3)N1(1) on Nexus 5000 devices Cisco NX-OS versions 5.2 through 5.2(3a) on Nexus 7000 devices Cisco CG-OS versions CG4 through CG4(2) on Connected 1000 Connected Grid Routers

Description A buffer overflow in the Smart Call Home implementation allows remote SMTP servers to execute arbitrary code via a crafted reply. This issue affects Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System and devices Nexus, as well as Cisco CG-OS for Connected Grid Routers.

Recommendations For Cisco NX-OS versions 1.4 through 1.4(1i), update to version 1.4(1i) or later. For Cisco NX-OS versions 5.0 through 5.0(3)U2(2) on Nexus 3000 devices, update to version 5.0(3)U2(2) or later. For Cisco NX-OS versions 4.1 through 4.1(2)E1(1l) on Nexus 4000 devices, update to version 4.1(2)E1(1l) or later. For Cisco NX-OS versions 5.x through 5.1(3)N1(1) on Nexus 5000 devices, update to version 5.1(3)N1(1) or later. For Cisco NX-OS versions 5.2 through 5.2(3a) on Nexus 7000 devices, update to version 5.2(3a) or later. For Cisco CG-OS versions CG4 through CG4(2) on Connected 1000 Connected Grid Routers, update to version CG4(2) or later.