Remote code execution in Cisco Nexus 7700 Series Switches and Cisco Nexus 7000 Series Switches - CVE-2016-1453
Published: October 5, 2016 / Updated: October 6, 2016
Vulnerability identifier: #VU774
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2016-1453
CWE-ID: CWE-120
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Nexus 7700 Series Switches
Cisco Nexus 7000 Series Switches
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to cause the target system to reload or to execute arbitrary code.
The weakness is due to a buffer overflow caused by insufficient input validation of the size of OTV packet header parameters. By sending a specially crafted OTV UDP packet to the OTV interface, attackers can cause an OTV process reload or arbitrary code execution and obtain full control of the system.
Successful exploitation of the vulnerability results in arbitrary code execution and complete access to the vulnerable system.
How to mitigate CVE-2016-1453
The following Access Control List (ACL) can be configured to drop malformed OTV control packets.
IP access list OTV_PROT_V1
10 deny udp any any fragments
20 deny udp any any eq 8472 packet-length lt 54
30 permit ip any any
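As an added illustration (not part of the advisory or of Cisco's own tooling), the following Python evaluates the OTV_PROT_V1 ACL above against constructed IPv4/UDP packets; it assumes that packet-length refers to the IPv4 total-length field and that the fragments keyword matches non-initial fragments (non-zero fragment offset).

```python
import struct

OTV_UDP_PORT = 8472          # port matched by ACL entry 20
MIN_OTV_PACKET_LENGTH = 54   # "packet-length lt 54" threshold from ACL entry 20
IPPROTO_UDP = 17

def parse_ipv4_udp(pkt: bytes) -> dict:
    """Extract the IPv4/UDP fields the three ACL entries inspect."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, flags_frag, _ttl, proto, _csum, _src, _dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    frag_offset = flags_frag & 0x1FFF          # low 13 bits: fragment offset
    info = {"proto": proto, "total_len": total_len,
            "frag_offset": frag_offset, "dst_port": None}
    # Only the initial fragment carries the UDP header, so ports are read only then.
    if proto == IPPROTO_UDP and frag_offset == 0 and len(pkt) >= ihl + 8:
        _sport, dport, _ulen, _ucsum = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
        info["dst_port"] = dport
    return info

def otv_prot_v1(pkt: bytes) -> str:
    """Walk the ACL in sequence order; return 'deny:<seq>' or 'permit:30'."""
    p = parse_ipv4_udp(pkt)
    if p["proto"] == IPPROTO_UDP and p["frag_offset"] != 0:
        return "deny:10"                        # 10 deny udp any any fragments
    if (p["proto"] == IPPROTO_UDP and p["dst_port"] == OTV_UDP_PORT
            and p["total_len"] < MIN_OTV_PACKET_LENGTH):
        return "deny:20"                        # 20 deny udp any any eq 8472 packet-length lt 54
    return "permit:30"                          # 30 permit ip any any

def build_ipv4_udp(payload: bytes, dport: int, frag_offset: int = 0) -> bytes:
    """Constructed sample packet: IPv4 + UDP headers + payload (checksums left zero)."""
    udp_len = 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 1, frag_offset & 0x1FFF,
                     64, IPPROTO_UDP, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", 40000, dport, udp_len, 0)
    return ip + udp + payload

if __name__ == "__main__":
    print(otv_prot_v1(build_ipv4_udp(b"\x00" * 10, OTV_UDP_PORT)))   # runt OTV packet
    print(otv_prot_v1(build_ipv4_udp(b"\x00" * 40, OTV_UDP_PORT)))   # well-formed length
```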
The vulnerability is fixed in versions 7.2(2)D1(1) and 7.3(1)D1(1).