CISCO : Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability (cisco-sa-20161005-otv)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.106340

Categoría: CISCO

Título: Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability (cisco-sa-20161005-otv)

Resumen: A vulnerability in the Overlay Transport Virtualization (OTV); generic routing encapsulation (GRE) implementation of the Cisco Nexus 7000 and 7700 Series; Switches could allow an unauthenticated, adjacent attacker to cause a reload of the affected; system or to remotely execute code.

Descripción: Summary:
A vulnerability in the Overlay Transport Virtualization (OTV)
generic routing encapsulation (GRE) implementation of the Cisco Nexus 7000 and 7700 Series
Switches could allow an unauthenticated, adjacent attacker to cause a reload of the affected
system or to remotely execute code.

Vulnerability Insight:
The vulnerability is due to incomplete input validation
performed on the size of OTV packet header parameters, which can result in a buffer overflow. An
attacker could exploit this vulnerability by sending a crafted OTV UDP packet to the OTV
interface on an affected device.

Vulnerability Impact:
An exploit could allow the attacker to execute arbitrary code
and obtain full control of the system or cause a reload of the OTV related process on the
affected device.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-1453
BugTraq ID: 93409
http://www.securityfocus.com/bid/93409
Cisco Security Advisory: 20161005 Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-otv
http://www.securitytracker.com/id/1036946

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.106340
Categoría:	CISCO
Título:	Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability (cisco-sa-20161005-otv)
Resumen:	A vulnerability in the Overlay Transport Virtualization (OTV); generic routing encapsulation (GRE) implementation of the Cisco Nexus 7000 and 7700 Series; Switches could allow an unauthenticated, adjacent attacker to cause a reload of the affected; system or to remotely execute code.
Descripción:	Summary: A vulnerability in the Overlay Transport Virtualization (OTV) generic routing encapsulation (GRE) implementation of the Cisco Nexus 7000 and 7700 Series Switches could allow an unauthenticated, adjacent attacker to cause a reload of the affected system or to remotely execute code. Vulnerability Insight: The vulnerability is due to incomplete input validation performed on the size of OTV packet header parameters, which can result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted OTV UDP packet to the OTV interface on an affected device. Vulnerability Impact: An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the OTV related process on the affected device. Solution: See the referenced vendor advisory for a solution. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1453 BugTraq ID: 93409 http://www.securityfocus.com/bid/93409 Cisco Security Advisory: 20161005 Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-otv http://www.securitytracker.com/id/1036946
Copyright	Copyright (C) 2016 Greenbone Networks GmbH