CVE-2016-1453 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Nx-os

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

26.1%

top 3.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nx-os

Timeline

PublishedOct 6

Latest updateMay 13

Description

Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDcisco/nx-os46 versions+45

🔴Vulnerability Details

GHSA

GHSA-gm4r-22mh-3f5q: Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5↗2022-05-13

▶

CVEList

CVE-2016-1453: Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5↗2016-10-06

▶

📋Vendor Advisories

Cisco

Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability↗2016-10-05

▶