CVE-2016-1455Sensitive Information Exposure in Cisco Nx-os

CWE-200Sensitive Information Exposure5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 28.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Nx-os
Timeline
PublishedOct 5
Latest updateMay 13

Description

Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an incorrect iptables local-interface configuration, which allows remote attackers to obtain sensitive information via TCP or UDP traffic, aka Bug ID CSCuz05365.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDcisco/nx-os5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-98hm-3g42-fqm2: Cisco NX-OS before 72022-05-13
CVEList
CVE-2016-1455: Cisco NX-OS before 72016-10-05

📋Vendor Advisories

1
Cisco
Cisco Nexus 9000 Information Disclosure Vulnerability2016-10-05

💬Community

1
Bugzilla
CVE-2017-14063 async-http-client: Invalid URL parsing with '?'2017-09-01
CVE-2016-1455 — Sensitive Information Exposure in Cisco | cvebase