CVE-2014-3261

26.05.2014, 00:25

Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	7.6 UNKNOWN	NETWORK	HIGH	AV:N/AC:H/Au:N/C:C/I:C/A:C
cisco	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 73%

Vendor	Product	Version
cisco	unified_computing_system_6120xp_fabric_interconnect	-
cisco	unified_computing_system_6140xp_fabric_interconnect	-
cisco	unified_computing_system_6248up_fabric_interconnect	-
cisco	unified_computing_system_6296up_fabric_interconnect	-
cisco	unified_computing_system_infrastructure_and_unified_computing_system_software	1.4\(1j\)
cisco	cgr_1120	-
cisco	cgr_1240	-
cisco	nx-os	5.2
cisco	nx-os	5.2\(1\)
cisco	nx-os	5.2\(3\)
cisco	nexus_7000	-
cisco	nexus_7000_10-slot	-
cisco	nexus_7000_18-slot	-
cisco	nexus_7000_9-slot	-
cisco	nx-os	-
cisco	nx-os	5.0
cisco	nx-os	5.0\(2\)
cisco	nx-os	5.0\(2\)n1\(1\)
cisco	nx-os	5.0\(2\)n2\(1\)
cisco	nx-os	5.0\(2\)n2\(1a\)
cisco	nx-os	5.0\(2a\)
cisco	nx-os	5.0\(3\)
cisco	nx-os	5.0\(3\)n1\(1\)
cisco	nx-os	5.0\(3\)n1\(1a\)
cisco	nx-os	5.0\(3\)n1\(1b\)
cisco	nx-os	5.0\(3\)n1\(1c\)
cisco	nx-os	5.0\(3\)n2\(1\)
cisco	nx-os	5.0\(3\)n2\(2\)
cisco	nx-os	5.0\(3\)n2\(2a\)
cisco	nx-os	5.0\(3\)n2\(2b\)
cisco	nx-os	5.0\(3\)u1\(1a\)
cisco	nx-os	5.0\(3\)u1\(1b\)
cisco	nx-os	5.0\(3\)u1\(1d\)
cisco	nx-os	5.0\(3\)u1\(2\)
cisco	nx-os	5.0\(3\)u1\(2a\)
cisco	nx-os	5.0\(3\)u2\(1\)
cisco	unified_computing_system_infrastructure_and_unified_computing_system_software	1.4\(1j\)
cisco	nexus_3016q	-
cisco	nexus_3048	-
cisco	nexus_3064t	-
cisco	nexus_3064x	-
cisco	nexus_3548	-
cisco	nx-os	5.0
cisco	nx-os	5.0\(2\)
cisco	nx-os	5.0\(2\)n1\(1\)
cisco	nx-os	5.0\(2\)n2\(1\)
cisco	nx-os	5.0\(2\)n2\(1a\)
cisco	nx-os	5.0\(2a\)
cisco	nx-os	5.0\(3\)
cisco	nx-os	5.0\(3\)n1\(1\)
cisco	nx-os	5.0\(3\)n1\(1a\)
cisco	nx-os	5.0\(3\)n1\(1b\)
cisco	nx-os	5.0\(3\)n1\(1c\)
cisco	nx-os	5.0\(3\)n2\(1\)
cisco	nx-os	5.0\(3\)n2\(2\)
cisco	nx-os	5.0\(3\)n2\(2a\)
cisco	nx-os	5.0\(3\)n2\(2b\)
cisco	nx-os	5.0\(3\)u1\(1a\)
cisco	nx-os	5.0\(3\)u1\(1b\)
cisco	nx-os	5.0\(3\)u1\(1d\)
cisco	nx-os	5.0\(3\)u1\(2\)
cisco	nx-os	5.0\(3\)u1\(2a\)
cisco	nx-os	5.0\(3\)u2\(1\)
cisco	nx-os	5.0\(3\)u2\(2\)
cisco	nx-os	5.0\(3\)u2\(2a\)
cisco	nx-os	5.0\(3\)u2\(2b\)
cisco	nx-os	5.0\(3\)u2\(2c\)
cisco	nx-os	5.0\(3\)u2\(2d\)
cisco	nx-os	5.0\(3\)u3\(1\)
cisco	nx-os	5.0\(3\)u3\(2\)
cisco	nx-os	5.0\(3\)u3\(2a\)
cisco	nx-os	5.0\(3\)u3\(2b\)
cisco	nx-os	5.0\(3\)u4\(1\)
cisco	nx-os	5.0\(3\)u5\(1\)
cisco	nx-os	5.0\(3\)u5\(1a\)
cisco	nx-os	5.0\(3\)u5\(1b\)
cisco	nx-os	5.0\(3\)u5\(1c\)
cisco	nx-os	5.0\(3\)u5\(1d\)
cisco	nx-os	5.0\(3\)u5\(1e\)
cisco	nx-os	5.0\(5\)
cisco	nx-os	5.1
cisco	nx-os	5.1\(1\)
cisco	nx-os	5.1\(1a\)
cisco	nx-os	5.1\(2\)
cisco	nx-os	5.1\(3\)
cisco	nexus_5000	-
cisco	nexus_5010	-
cisco	nexus_5010p_switch	-
cisco	nexus_5020	-
cisco	nexus_5020p_switch	-
cisco	nexus_5548p	-
cisco	nexus_5548up	-
cisco	nexus_5596up	-
cisco	nx-os	4.1.\(2\)
cisco	nexus_4001i	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos