CVE-2007-1257

CWE-20 — Improper Input Validation4 documents4 sources

Severity

10.0CRITICAL

EPSS

3.0%

top 13.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Catalyst 6000 Ws-svc-nam-1 Cisco Catalyst 6000 Ws-svc-nam-2 Cisco Catalyst 6000 Ws-x6380-nam +6 more

Timeline

PublishedMar 3

Latest updateMay 1

Description

The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages9 packages

▶NVDcisco/catalyst_6000_ws-svc-nam-12.2\(1a\)

▶NVDcisco/catalyst_6000_ws-svc-nam-22.2\(1a\)

▶NVDcisco/catalyst_6000_ws-x6380-nam3.1\(1a\)

▶NVDcisco/catalyst_6500_ws-svc-nam-12.2\(1a\)

▶NVDcisco/catalyst_6500_ws-svc-nam-22.2\(1a\)

🔴Vulnerability Details

GHSA

GHSA-m2j7-6q7v-wmpq: The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP↗2022-05-01

▶

CVEList

CVE-2007-1257: The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP↗2007-03-03

▶

📋Vendor Advisories

Cisco

Cisco Catalyst 6000, 6500 Series and Cisco 7600 Series NAM (Network Analysis Module) Vulnerability↗2007-02-28

▶