Vulnerability CVE-2011-4023


Published: 2012-05-03

Description:
Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remote authenticated users to cause a denial of service (memory consumption) via SNMP requests, aka Bug ID CSCtr65682.

Type:

CWE-399

(Resource Management Errors)

Vendor: Cisco
Product: Nx-os 
Version:
5.0(5)
5.0(3)n2(2b)
5.0(3)n2(2a)
5.0(3)n2(2)
5.0(3)n2(1)
5.0(3)n1(1c)
5.0(3)n1(1b)
5.0(3)n1(1a)
5.0(3)n1(1)
5.0(3)
5.0(2a)
5.0(2)n2(1a)
5.0(2)n2(1)
5.0(2)n1(1)
5.0(2)
5.0
Product: Nexus 2248tp fex switch 
Product: Nexus 2148t fex switch 
Product: Nexus 5548p 
Product: Nexus 5020p switch 
Product: Nexus 2232pp fex switch 
Product: Nexus 5596up 
Product: Nexus 5548up switch 
Product: Nexus 2248tp e fex switch 
Product: Nexus 5010p switch 
Product: Nexus 2224tp fex switch 
Product: Nexus 5548up 
Product: Nexus 5548p switch 
Product: Nexus 2232tm fex switch 
Product: Nexus 5596up switch 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N2_1/Nexus5000_Release_Notes_5_0_3_N2.html

Related CVE
CVE-2019-1975
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protec...
CVE-2019-12620
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statist...
CVE-2019-1976
A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improp...
CVE-2019-1939
A vulnerability in the Cisco Webex Teams client for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. This vulnerability is due to improper restrictions on software logging features used by t...
CVE-2019-12645
A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to execute arbitrary code on an affected device The vulnerability is due to im...
CVE-2019-12644
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface...
CVE-2019-12635
A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does ...
CVE-2019-12633
A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to ...

Copyright 2019, cxsecurity.com

 

Back to Top