CVE-2013-1181 — Improper Input Validation in Cisco Unified Computing System Infrastructure AND Unified Computing System Software

CWE-20 — Improper Input Validation CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.8%

top 25.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Computing System Infrastructure AND Unified Computing System Software Cisco Nx-os

Timeline

PublishedApr 25

Latest updateMay 14

Description

Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by sending a jumbo packet to the management interface, aka Bug IDs CSCtx17544, CSCts10593, and CSCtx95389.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDcisco/unified_computing_system_infrastructure_and_unified_computing_system_software2.0\(1t\)+28

▶NVDcisco/nx-os60 versions+59

🔴Vulnerability Details

GHSA

GHSA-fhgx-fprj-xm5c: Cisco NX-OS on Nexus 5500 devices 4↗2022-05-14

▶

CVEList

CVE-2013-1181: Cisco NX-OS on Nexus 5500 devices 4↗2013-04-25

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco NX-OS-Based Products↗2013-04-24

▶

💬Community

Bugzilla

CVE-2013-4236 vdsm: incomplete fix for CVE-2013-0167 issue↗2013-08-12

▶