Vulnerability CVE-2013-1181


Published: 2013-04-25

Description:
Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexus 3000 devices 5.x before 5.0(3)U3(2), and Unified Computing System (UCS) 6200 devices before 2.0(1w) allows remote attackers to cause a denial of service (device reload) by sending a jumbo packet to the management interface, aka Bug IDs CSCtx17544, CSCts10593, and CSCtx95389.

See advisories in our WLB2 database:
Topic
Author
Date
High
Cisco NX-OS-Based Products Multiple Vulnerabilities
CISCO
24.04.2013

Type:

CWE-20

(Improper Input Validation)

Vendor: Cisco
Product: Nx-os 
Version:
5.0(3)u3(1)
5.0(3)u2(2d)
5.0(3)u2(2c)
5.0(3)u2(2b)
5.0(3)u2(2a)
5.0(3)u2(2)
5.0(3)u2(1)
5.0(3)u1(1b)
5.0(3)n2(2b)
5.0(3)n2(2a)
5.0(3)n2(2)
5.0(3)n2(1)
5.0(3)n1(1c)
5.0(3)n1(1b)
5.0(3)n1(1a)
5.0(3)n1(1)
5.0(3)
5.0(2a)
5.0(2)n2(1a)
5.0(2)n2(1)
5.0(2)n1(1)
5.0(2)
5.0
4.2.(2a)
4.2(8)
4.2(6)
4.2(4)
4.2(3)
4.2(2)
4.2(1)sv1(5.1)
4.2(1)sv1(4a)
4.2(1)sv1(4)
4.2(1)n2(1a)
4.2(1)n2(1)
4.2(1)n1(1)
4.2(1)
4.2
4.1.(5)
4.1.(4)
4.1.(3)
4.1.(2)
4.1(3)n2(1a)
4.1(3)n2(1)
4.1(3)n1(1a)
4.1(3)n1(1)
4.0(4)sv1(3d)
4.0(4)sv1(3c)
4.0(4)sv1(3b)
4.0(4)sv1(3a)
4.0(4)sv1(3)
4.0(4)sv1(2)
4.0(4)sv1(1)
4.0(1a)n2(1a)
4.0(1a)n2(1)
4.0(1a)n1(1a)
4.0(1a)n1(1)
4.0(0)n1(2a)
4.0(0)n1(2)
4.0(0)n1(1a)
4.0
See more versions on NVD
Product: Unified computing system infrastructure and unified computing system software 
Version:
2.0(1t)
2.0(1s)
2.0(1q)
1.4(4k)
1.4(4j)
1.4(4i)
1.4(4g)
1.4(4f)
1.4(3y)
1.4(3u)
1.4(3s)
1.4(3q)
1.4(3m)
1.4(3l)
1.4(3i)
1.4(1m)
1.4(1j)
1.3(1y)
1.3(1w)
1.3(1t)
1.3(1q)
1.3(1p)
1.3(1o)
1.3(1n)
1.3(1m)
1.3(1c)
1.2(1d)
1.1(1m)
1.0(2k)
See more versions on NVD
Product: Nexus 5548p 
Product: Nexus 3016q 
Product: Unified computing system 6296up fabric interconnect 
Product: Nexus 5548up 
Product: Nexus 3064t 
Product: Nexus 5596up 
Product: Nexus 3548 
Product: Unified computing system 6248up fabric interconnect 
Product: Nexus 5548p switch 
Product: Nexus 3048 
Product: Nexus 5548up switch 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-nxosmulti

Related CVE
CVE-2019-1882
A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application....
CVE-2019-1881
A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device...
CVE-2019-1872
A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to im...
CVE-2019-1870
A vulnerability in the web-based management interface of Cisco Enterprise Chat and Email (ECE) Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface ...
CVE-2019-1868
A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-b...
CVE-2019-1845
A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series could allow an unauthenticated, ...
CVE-2019-1842
A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic er...
CVE-2019-1780
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying operating system of an affected device with elevate...

Copyright 2019, cxsecurity.com

 

Back to Top