Published: 26/05/2014 Updated: 30/10/2018
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
VMScore: 676
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 prior to 1.4(1i), NX-OS 5.0 prior to 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 prior to 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x prior to 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 prior to 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322.

Affected Products

Vendor Product Versions
CiscoCgr 1120-
CiscoCgr 1240-
CiscoNexus 3016q-
CiscoNexus 3048-
CiscoNexus 3064t-
CiscoNexus 3064x-
CiscoNexus 3548-
CiscoNexus 4001i-
CiscoNexus 5000-
CiscoNexus 5010-
CiscoNexus 5010p Switch-
CiscoNexus 5020-
CiscoNexus 5020p Switch-
CiscoNexus 5548p-
CiscoNexus 5548up-
CiscoNexus 5596up-
CiscoNexus 7000-
CiscoNexus 7000 10-slot-
CiscoNexus 7000 18-slot-
CiscoNexus 7000 9-slot-
CiscoUnified Computing System 6120xp Fabric Interconnect-
CiscoUnified Computing System 6140xp Fabric Interconnect-
CiscoUnified Computing System 6248up Fabric Interconnect-
CiscoUnified Computing System 6296up Fabric Interconnect-
CiscoCg-osCg4, Cg4(1)
CiscoNx-os-, 4.1.(2), 5.0, 5.0(2), 5.0(2)n1(1), 5.0(2)n2(1), 5.0(2)n2(1a), 5.0(2a), 5.0(3), 5.0(3)n1(1), 5.0(3)n1(1a), 5.0(3)n1(1b), 5.0(3)n1(1c), 5.0(3)n2(1), 5.0(3)n2(2), 5.0(3)n2(2a), 5.0(3)n2(2b), 5.0(3)u1(1a), 5.0(3)u1(1b), 5.0(3)u1(1d), 5.0(3)u1(2), 5.0(3)u1(2a), 5.0(3)u2(1), 5.0(3)u2(2), 5.0(3)u2(2a), 5.0(3)u2(2b), 5.0(3)u2(2c), 5.0(3)u2(2d), 5.0(3)u3(1), 5.0(3)u3(2), 5.0(3)u3(2a), 5.0(3)u3(2b), 5.0(3)u4(1), 5.0(3)u5(1), 5.0(3)u5(1a), 5.0(3)u5(1b), 5.0(3)u5(1c), 5.0(3)u5(1d), 5.0(3)u5(1e), 5.0(5), 5.1, 5.1(1), 5.1(1a), 5.1(2), 5.1(3), 5.2, 5.2(1), 5.2(3)
CiscoUnified Computing System Infrastructure And Unified Computing System Software1.4(1j)

Vendor Advisories

Cisco Nexus, Cisco Unified Computing System (UCS), and Cisco 1000 Series Connected Grid Routers (CGR) are all based on the Cisco NX-OS operating system These products are affected by one or more of the following vulnerabilities: Cisco NX-OS Virtual Device Context SSH Privilege Escalation Vulnerability Cisco NX-OS Virtual Device Context SS ...