CVE-2015-4324

Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote attackers to cause a denial of service (IGMP process restart) via a malformed IGMPv3 packet that is mishandled during memory allocation, aka Bug IDs CSCuv69713, CSCuv69717, CSCuv69723, CSCuv69732, and CSCuv48908.

CVSS v2.0 6.1 MEDIUM

6.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 6.5 / Impact : 6.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=40470	Vendor Advisory
http://www.securityfocus.com/bid/76372	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033327	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:nx-os:7.3\(0\)zn\(0.81\):*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_3164q:-:::::::*
	cpe:2.3:h:cisco:nexus_3172:-:::::::*
	cpe:2.3:h:cisco:nexus_3232c:-:::::::*
	cpe:2.3:h:cisco:nexus_3264q:-:::::::*
	cpe:2.3:h:cisco:nexus_3048:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q:-:::::::*
	cpe:2.3:h:cisco:nexus_3524:-:::::::*
	cpe:2.3:h:cisco:nexus_31128pq::::::::
	cpe:2.3:h:cisco:nexus_3016:-:::::::*
	cpe:2.3:h:cisco:nexus_3064:-:::::::*
	cpe:2.3:h:cisco:nexus_3548:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:nx-os:7.3\(0\)zn\(0.81\):*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_9504:-:::::::*
	cpe:2.3:h:cisco:nexus_9508:-:::::::*
	cpe:2.3:h:cisco:nexus_9516:-:::::::*
	cpe:2.3:h:cisco:nexus_93120tx:-:::::::*
	cpe:2.3:h:cisco:nexus_9372px:-:::::::*
	cpe:2.3:h:cisco:nexus_9396px:-:::::::*
	cpe:2.3:h:cisco:nexus_9332pq:-:::::::*
	cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:::::::*
	cpe:2.3:h:cisco:nexus_9372tx:-:::::::*
	cpe:2.3:h:cisco:nexus_9396tx:-:::::::*
	cpe:2.3:h:cisco:nexus_93128tx:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:nx-os:7.3\(0\)zn\(0.81\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:nexus_1000v:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:cisco:nx-os:4.1\(2\)e1\(1c\):*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_4001i:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:cisco:nx-os:7.2\(0\)n1\(0.1\):*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_7000:-:::::::*
	cpe:2.3:h:cisco:nexus_7700:-:::::::*

Information

Published : 2015-08-19 08:59

Updated : 2017-01-04 08:10

NVD link : CVE-2015-4324

Mitre link : CVE-2015-4324

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

cisco

nexus_9336pq_aci_spine
nexus_9372px
nexus_4001i
nexus_3164q
nexus_3132q
nexus_93120tx
nexus_3172
nexus_3016
nexus_3264q
nexus_1000v
nexus_3524
nexus_9516
nexus_3232c
nexus_7700
nexus_9504
nexus_3548
nexus_93128tx
nexus_9372tx
nx-os
nexus_9396px
nexus_9332pq
nexus_7000
nexus_3048
nexus_31128pq
nexus_3064
nexus_9508
nexus_9396tx

6.1 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2015-4324

6.1^/10

Attach tags to `CVE-2015-4324`