Skip to main content

Severity by source

NVD PRIMARY
8.3 HIGH
AV:A/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:A/AC:L/Au:N/C:C/I:C/A:C
Attack Vector
Adjacent
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Apr 25, 2013 - 10:55 cve.org
HIGH 8.3

DescriptionCVE.org

Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275.

AnalysisAI

Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(4) and 6.x before 6.1(1), Nexus 5000 and 5500 devices 4.x and 5.x before 5.1(3)N1(1), Nexus 4000 devices before 4.1(2)E1(1h), Nexus 3000 devices 5.x before 5.0(3)U3(1), Nexus 1000V devices 4.x before 4.2(1)SV1(5.1), MDS 9000 devices 4.x and 5.x before 5.2(4), Unified Computing System (UCS) 6100 and 6200 devices before 2.0(2m), and Connected Grid Router (CGR) 1000 devices before CG4(1) allow remote attackers to execute arbitrary code via malformed CDP packets, aka Bug IDs CSCtu10630, CSCtu10551, CSCtu10550, CSCtw56581, CSCtu10548, CSCtu10544, and CSCuf61275. Affected products include: Cisco Nx-Os, Cisco Nexus 7000, Cisco Nexus 7000 10-Slot, Cisco Nexus 7000 18-Slot, Cisco Nexus 7000 9-Slot. Version information: before 5.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

More in Nx Os

View all
CVE-2016-1453 CRITICAL
9.8 Oct 06

Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 a

CVE-2019-1617 HIGH POC
7.4 Mar 11

A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco N

CVE-2013-1180 CRITICAL
9.0 Apr 25

Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 7000 devices 4.x and 5.x before 5.2(5) and 6.x before

CVE-2013-1179 CRITICAL
9.0 Apr 25

Multiple buffer overflows in the (1) SNMP and (2) License Manager implementations in Cisco NX-OS on Nexus 7000 devices 4

CVE-2016-1341 CRITICAL
9.8 Feb 24

Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, w

CVE-2018-0310 CRITICAL
9.8 Jun 21

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an un

CVE-2018-0301 CRITICAL
9.8 Jun 20

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a

CVE-2015-4235 CRITICAL
9.0 Jul 24

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) an

CVE-2021-1361 CRITICAL
9.1 Feb 24

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Ci

CVE-2017-3883 HIGH
8.6 Oct 19

A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible

CVE-2014-3341 MEDIUM
5.0 Aug 19

The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages

CVE-2016-1302 HIGH
8.8 Feb 07

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) an

Share

CVE-2013-1178 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy