Vulnerability CVE-2014-3261


Published: 2014-05-25   Modified: 2014-05-26

Description:
Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322.

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Cisco
Product: Cg-os 
Version: cg4(1); cg4;
Product: Nx-os 
Version:
5.2(3)
5.2(1)
5.2
5.1(3)
5.1(2)
5.1(1a)
5.1(1)
5.1
5.0(5)
5.0(3)u5(1e)
5.0(3)u5(1d)
5.0(3)u5(1c)
5.0(3)u5(1b)
5.0(3)u5(1a)
5.0(3)u5(1)
5.0(3)u4(1)
5.0(3)u3(2b)
5.0(3)u3(2a)
5.0(3)u3(2)
5.0(3)u3(1)
5.0(3)u2(2d)
5.0(3)u2(2c)
5.0(3)u2(2b)
5.0(3)u2(2a)
5.0(3)u2(2)
5.0(3)u2(1)
5.0(3)u1(2a)
5.0(3)u1(2)
5.0(3)u1(1d)
5.0(3)u1(1b)
5.0(3)u1(1a)
5.0(3)n2(2b)
5.0(3)n2(2a)
5.0(3)n2(2)
5.0(3)n2(1)
5.0(3)n1(1c)
5.0(3)n1(1b)
5.0(3)n1(1a)
5.0(3)n1(1)
5.0(3)
5.0(2a)
5.0(2)n2(1a)
5.0(2)n2(1)
5.0(2)n1(1)
5.0(2)
5.0
4.1.(2)
Product: Unified computing system infrastructure and unified computing system software 
Version: 1.4(1j);
Product: Nexus 3064x 
Product: Cgr 1120 
Product: Nexus 7000 9-slot 
Product: Nexus 5596up 
Product: Nexus 5020p switch 
Product: Nexus 4001i 
Product: Nexus 3016q 
Product: Unified computing system 6140xp fabric interconnect 
Product: Nexus 7000 
Product: Nexus 5548p switch 
Product: Nexus 5010 
Product: Nexus 3064t 
Product: Unified computing system 6296up fabric interconnect 
Product: Nexus 7000 18-slot 
Product: Nexus 5548up switch 
Product: Nexus 5020 
Product: Nexus 3548 
Product: Cgr 1240 
Product: Unified computing system 6120xp fabric interconnect 
Product: Nexus 5596up switch 
Product: Nexus 5548p 
Product: Nexus 5000 
Product: Nexus 3048 
Product: Unified computing system 6248up fabric interconnect 
Product: Nexus 7000 10-slot 
Product: Nexus 5548up 
Product: Nexus 5010p switch 

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.6/10
Impact Subscore: 10/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

 References:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos


Copyright 2019, cxsecurity.com

 
