Vulnerability CVE-2014-3261


Published: 2014-05-25   Modified: 2014-05-26

Description:
Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.6/10
10/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
CISO -> Cg-os 
Cisco -> Nexus 5548up 
Cisco -> Cgr 1120 
Cisco -> Nexus 5548up switch 
Cisco -> Cgr 1240 
Cisco -> Nexus 5596up 
Cisco -> Nexus 3016q 
Cisco -> Nexus 5596up switch 
Cisco -> Nexus 3048 
Cisco -> Nexus 7000 
Cisco -> Nexus 3064t 
Cisco -> Nexus 7000 10-slot 
Cisco -> Nexus 3064x 
Cisco -> Nexus 7000 18-slot 
Cisco -> Nexus 3548 
Cisco -> Nexus 7000 9-slot 
Cisco -> Nexus 4001i 
Cisco -> Unified computing system 6120xp fabric interconnect 
Cisco -> Nexus 5000 
Cisco -> Unified computing system 6140xp fabric interconnect 
Cisco -> Nexus 5010 
Cisco -> Unified computing system 6248up fabric interconnect 
Cisco -> Nexus 5010p switch 
Cisco -> Unified computing system 6296up fabric interconnect 
Cisco -> Nexus 5020 
Cisco -> Nx-os 
Cisco -> Nexus 5020p switch 
Cisco -> Unified computing system infrastructure and unified computing system software 
Cisco -> Nexus 5548p 
Cisco -> Nexus 5548p switch 
Cisco -> Cg-os 

 References:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos

Copyright 2024, cxsecurity.com

 

Back to Top