Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-1453 |
CWE-ID | CWE-20 CWE-120 |
Exploitation vector | Local network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software | Cisco Nexus 7700 Series Switches (Hardware solutions / Routers & switches, VoIP, GSM, etc), Cisco Nexus 7000 Series Switches (Hardware solutions / Routers & switches, VoIP, GSM, etc) |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU774
Risk: Medium
CVSSv3.1: 8.9 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2016-1453
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated user to cause the target system to reload or to execute arbitrary code.
The weakness is due to a buffer overflow caused by insufficient validation of the size of Overlay Transport Virtualization (OTV) packet header parameters. By sending a specially crafted OTV UDP packet to the OTV interface, an attacker can cause the OTV process to reload or can execute arbitrary code and obtain full control of the system.
Successful exploitation of the vulnerability results in arbitrary code execution and complete access to the vulnerable system.
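The following Access Control List (ACL) can be configured to drop malformed OTV control packets: it denies fragmented UDP packets and UDP packets to port 8472 that are shorter than 54 bytes, and permits all other IP traffic.
ip access-list OTV_PROT_V1
  10 deny udp any any fragments
  20 deny udp any any eq 8472 packet-length lt 54
  30 permit ip any any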
The vulnerability is fixed in versions 7.2(2)D1(1) and 7.3(1)D1(1).
Vulnerable software versions
Cisco Nexus 7700 Series Switches: 5.0 - 7.3
Cisco Nexus 7000 Series Switches: 5.0 - 7.3
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-otv
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.