Sign-up

ID

VAR-201304-0564


CVE

CVE-2013-117959454


TITLE

Multiple Cisco Products SNMP and License Manager Buffer Overflow Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2013-04355

DESCRIPTION

The Cisco MDS 9000 is a family of multi-layer intelligent optical channel switches from Cisco. Cisco Nexus is a data center-class switch from Cisco. A Cisco NX-OS-based device has a buffer overflow vulnerability in its SNMP subsystem that allows authenticated remote attackers to send a malicious SNMP query over UDP port 161 to trigger a buffer overflow on the device SNMP and license manager components. . SNMP is disabled by default and requires administrator configuration before it can be used. Since SNMP is mainly based on the UDP protocol, it can be utilized without completing the TCP three-way handshake, and the attack can be performed by forging the source. The attacker needs to know the public strings of SNMP V1 and V1 to exploit this vulnerability. An SNMP V3 device is configured. The attacker needs a valid username and password for use.

Trust: 0.6

sources: CNVD: CNVD-2013-04355

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-04355

AFFECTED PRODUCTS

vendor:ciscomodel:mdsscope:eqversion:9000

Trust: 0.6

vendor:ciscomodel:nexusscope:eqversion:7000

Trust: 0.6

sources: CNVD: CNVD-2013-04355

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-04355
value: HIGH

Trust: 0.6

CNVD: CNVD-2013-04355
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-04355

PATCH

title:Patch for multiple Cisco product SNMP and license manager buffer overflow vulnerabilitiesurl:https://www.cnvd.org.cn/patchinfo/show/33668

Trust: 0.6

sources: CNVD: CNVD-2013-04355

EXTERNAL IDS

db:NVDid:CVE-2013-117959454

Trust: 0.6

db:CNVDid:CNVD-2013-04355

Trust: 0.6

sources: CNVD: CNVD-2013-04355

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=29022

Trust: 0.6

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130424-nxosmulti

Trust: 0.6

sources: CNVD: CNVD-2013-04355

SOURCES

db:CNVDid:CNVD-2013-04355

LAST UPDATE DATE

2022-05-04T10:12:43.371000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-04355date:2013-05-28T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2013-04355date:2013-04-27T00:00:00