CVE-2016-1465 — Cisco Nx-os vulnerability

CWE-3995 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.9%

top 24.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nx-os

Timeline

PublishedJul 28

Latest updateMay 17

Description

Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Discovery Protocol packet that triggers an out-of-bounds memory access, aka Bug ID CSCuw57985.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/nx-os21 versions+20

🔴Vulnerability Details

GHSA

GHSA-fxrm-5p2x-8w54: Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5↗2022-05-17

▶

CVEList

CVE-2016-1465: Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5↗2016-07-28

▶

📋Vendor Advisories

Cisco

Cisco Nexus 1000v Application Virtual Switch Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability↗2016-07-27

▶

💬Community

Bugzilla

CVE-2016-1566 guacamole: Stored cross-site scripting↗2017-02-02

▶