CVE-2015-4323

19.08.2015, 23:59

Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices 7.3(0)ZN(0.9); and MDS 9000 devices 6.2 (13) and 7.1(0)ZN(91.99) and MDS SAN-OS 7.1(0)ZN(91.99) allows remote attackers to cause a denial of service (device outage) via a crafted ARP packet, related to incorrect MTU validation, aka Bug IDs CSCuv71933, CSCuv61341, CSCuv61321, CSCuu78074, CSCut37060, CSCuv61266, CSCuv61351, CSCuv61358, and CSCuv61366.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	6.1 UNKNOWN	ADJACENT_NETWORK	LOW	AV:A/AC:L/Au:N/C:N/I:N/A:C
cisco	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 75%

Vendor	Product	Version
cisco	nx-os	6.2\(14\)s1
cisco	nx-os	6.0\(2\)u5\(1.41\)
cisco	nx-os	7.0\(3\)i2\(0.373\)
cisco	nx-os	7.3\(0\)zn\(0.83\)
cisco	nx-os	7.3\(0\)zn\(0.9\)
cisco	mds_9000_nx-os	6.2\(13\)
cisco	mds_9000_nx-os	7.1\(0\)zn\(91.99\)
cisco	nx-os	7.3\(0\)zn\(0.9\)
cisco	nx-os	4.1\(2\)e1\(1b\)

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://tools.cisco.com/security/center/viewAlert.x?alertId=40469

http://www.securityfocus.com/bid/76367

http://www.securitytracker.com/id/1033321

http://tools.cisco.com/security/center/viewAlert.x?alertId=40469

http://www.securityfocus.com/bid/76367

http://www.securitytracker.com/id/1033321