[c-nsp] Cisco Security Advisory: Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability
Cisco Systems Product Security Incident Response Team
psirt at cisco.com
Wed Oct 5 12:12:51 EDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability
Advisory ID: cisco-sa-20161005-otv
Revision 1.0
For Public Release 2016 October 5 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the Overlay Transport Virtualization (OTV) Generic Router Encapsulation (GRE) implementation of the Cisco Nexus 7000 and 7700 Series Switches could allow an unauthenticated, adjacent attacker to cause a reload of the affected system or to remotely execute code.
The vulnerability is due to incomplete input validation performed on the size of OTV packet header parameters, which can result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted OTV UDP packet to the OTV interface on an affected device. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the OTV related process on the affected device.
Cisco has released software updates that address this vulnerability. A workaround to mitigate this vulnerability is available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-otv
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iQIVAwUBV/Jmd689gD3EAJB5AQJKfxAAgQHHRNd10fAZT/Nv9Nd3OarYWZjt9QnE
c3Q5KPGZ8yBsoBDp9vGNq3Zu1XRLz9TZJk/2hqs3AOGLsONeyJ+wcce01/zYwdxv
wjgXc/qs/fT4uDFSjguCq4alBDJoxA+MCDH9ZYJ1XdykCVoZprcJQFbiRuSkKJJB
0pS1RsmiJ1KXbOpG7oCU/7ptb6gVAMVieTZW530Feu/WXssLA4I8wprNfhdMzW5Q
15KqH+pOZSr831rjBQahnudBB1u5smw/fWWgtRZxo6x3OSbS2drqGaRbNg6qPtl7
m8zdl2Rd++FYEwKm61Xwm7t8x2m2Yh/aHRRGL5bTcit1xFETiadL73hiD2wFoYdR
XEIFnYn+7tkIOhq2cS89O+00CYipFTwBBsMpibURVP56nY3xUaiv4AL72bxed0ys
afJ1ZctMSLOQRrcjbmzRWFyCjZEjg03SrPOCsCmQRRkl0MPeGCJ/e7gkhE7aYN+B
E1dsASbbLHyH0zwkOGMxoDiPHf1UPiSpXN9JpdAZlk6iF5sD4POXhmAtYgyyQIDt
6mZn6hW7HH38hTErrze1rN1IIQiO/qDjowkQuSi5G3SsT3uAGn4Rtz6oZTHzLuYq
LT/vX3BK/0WbKII0Zz/Vw4QY1vhx32rgdGzez0H/OKMKMICsi8IvuqXGeOZZC++B
CoZE5dSl+VI=
=P29o
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list