cbcvebase.
CVE-2016-1453
published 2016-10-06

CVE-2016-1453: Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers…

PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
8.07%
94.1th percentile
Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701.

Affected

47 ranges· showing 25
VendorProductVersion rangeFixed in
cisconexus_7000_and_7700_series_switches_overlay_transport_virtualization
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os

Detection & IOCsextracted from sources · hover to see the quote

  • Detect crafted OTV UDP packets sent to the OTV interface; exploit vector is a specially crafted OTV UDP packet with oversized header parameters targeting the OTV GRE implementation
  • Monitor for unexpected reloads of the OTV-related process on Nexus 7000/7700 devices, which may indicate exploitation attempts
  • Inspect OTV GRE packet header parameter sizes for anomalously large values indicative of buffer overflow attempts
  • ·Vulnerability affects Cisco NX-OS versions 5.0 through 7.3 on Nexus 7000 and 7700 devices only when the OTV GRE feature is in use; a workaround is available to mitigate the vulnerability
  • ·Attacker must be adjacent (on the same network segment) to reach the OTV interface; this is not a remotely exploitable vulnerability from arbitrary internet sources

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.