Published: 25/04/2013 Updated: 25/04/2013
CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5
VMScore: 739
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x prior to 5.2(4) and 6.x prior to 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x prior to 5.1(3)N1(1), Nexus 4000 devices prior to 4.1(2)E1(1h), Nexus 3000 devices 5.x prior to 5.0(3)U3(1), Nexus 1000V devices 4.x prior to 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x prior to 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices prior to 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275.

Affected Products

Vendor | Product | Versions
Cisco | Connected Grid Router 1000 | -
Cisco | Mds 9000 | *
Cisco | Nexus 1000v | -
Cisco | Nexus 3000 | *
Cisco | Nexus 3016q | -
Cisco | Nexus 3048 | -
Cisco | Nexus 3064t | -
Cisco | Nexus 3064x | -
Cisco | Nexus 3548 | -
Cisco | Nexus 4001i | -
Cisco | Nexus 5000 | -
Cisco | Nexus 5010 | -
Cisco | Nexus 5020 | -
Cisco | Nexus 5548p | -
Cisco | Nexus 5548up | -
Cisco | Nexus 5596up | -
Cisco | Nexus 7000 | -
Cisco | Nexus 7000 10-slot | -
Cisco | Nexus 7000 18-slot | -
Cisco | Nexus 7000 9-slot | -
Cisco | Unified Computing System 6120xp Fabric Interconnect | -
Cisco | Unified Computing System 6140xp Fabric Interconnect | -
Cisco | Unified Computing System 6248up Fabric Interconnect | -
Cisco | Unified Computing System 6296up Fabric Interconnect | -
Cisco | Cg-os | Cg1, Cg2, Cg3, Cg4
Cisco | Nx-os | 4.0, 4.0(0)n1(1a), 4.0(0)n1(2), 4.0(0)n1(2a), 4.0(1a)n1(1), 4.0(1a)n1(1a), 4.0(1a)n2(1), 4.0(1a)n2(1a), 4.0(4)sv1(1), 4.0(4)sv1(2), 4.0(4)sv1(3), 4.0(4)sv1(3a), 4.0(4)sv1(3b), 4.0(4)sv1(3c), 4.0(4)sv1(3d), 4.1(3)n1(1), 4.1(3)n1(1a), 4.1(3)n2(1), 4.1(3)n2(1a), 4.1.(2), 4.1.(3), 4.1.(4), 4.1.(5), 4.2, 4.2(1), 4.2(1)n1(1), 4.2(1)n2(1), 4.2(1)n2(1a), 4.2(1)sv1(4), 4.2(1)sv1(4a), 4.2(1)sv1(5.1), 4.2(2), 4.2(3), 4.2(4), 4.2(6), 4.2(8), 4.2.(2a), 5.0, 5.0(2), 5.0(2)n1(1), 5.0(2)n2(1), 5.0(2)n2(1a), 5.0(2a), 5.0(3), 5.0(3)n1(1), 5.0(3)n1(1a), 5.0(3)n1(1b), 5.0(3)n1(1c), 5.0(3)n2(1), 5.0(3)n2(2), 5.0(3)n2(2a), 5.0(3)n2(2b), 5.0(5), 5.1, 5.1(1), 5.1(1a), 5.1(2), 5.1(3), 5.1(3)n1(1), 5.1(3)n1(1a), 5.1(4), 5.1(5), 5.1(6), 5.2, 5.2(1), 5.2(3), 5.2(3a), 6.0(1), 6.0(2), 6.1
Cisco | Unified Computing System Infrastructure And Unified Computing System Software | 1.0, 1.0(2k), 1.1, 1.1(1m), 1.2, 1.2(1), 1.2(1a), 1.2(1d), 1.3(1c), 1.3(1m), 1.3(1n), 1.3(1o), 1.3(1p), 1.3(1q), 1.3(1t), 1.3(1w), 1.3(1y), 1.4(1j), 1.4(1m), 1.4(3i), 1.4(3l), 1.4(3m), 1.4(3q), 1.4(3s), 1.4(3u), 1.4(3y), 1.4(4f), 1.4(4g), 1.4(4i), 1.4(4j), 1.4(4k), 2.0(1q), 2.0(1s), 2.0(1t), 2.0(1w), 2.0(1x)

Vendor Advisories

Cisco Nexus, Cisco Unified Computing System (UCS), Cisco MDS 9000 Series Multilayer Switches, and Cisco 1000 Series Connected Grid Routers (CGR) are all based on the Cisco NX-OS operating system. These products are affected by one or more of the following vulnerabilities: Multiple Cisco Discovery Protocol Vulnerabilities in Cisco NX-OS-Based ...