PT-2016-4801 · Cisco · Cisco Nx-Os

Published 2016-10-05 · Updated 2022-06-05 · CVE-2016-1453

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco NX-OS versions 5.0 through 7.3

Description

A buffer overflow issue in the Overlay Transport Virtualization (OTV) GRE feature allows remote attackers to execute arbitrary code via long parameters in a packet header. The vulnerability is due to incomplete input validation performed on the size of OTV packet header parameters, which can result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted OTV UDP packet to the OTV interface on an affected device, potentially allowing the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the OTV-related process on the affected device.

Recommendations

For Cisco NX-OS versions 5.0 through 7.3, update to a fixed software version to address this issue. As a temporary workaround, consider implementing a mitigation strategy to restrict the sending of crafted OTV UDP packets to the OTV interface on affected devices.

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2016-1453

Affected Products

Cisco Nx-Os
Cisco Nexus