CVE-2012-1357 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Nx-os

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 35.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nx-os

Timeline

PublishedAug 6

Latest updateMay 17

Description

The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/nx-os5.0, 5.1+1

🔴Vulnerability Details

GHSA

GHSA-j64f-fqx5-p6mq: The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5↗2022-05-17

▶

CVEList

CVE-2012-1357: The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5↗2012-08-06

▶