CVE-2016-1453

critical-risk

Published 2016-10-06

Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701.

Do I need to act?

26.1% chance of exploitation in next 30 days

EPSS score — higher than 74% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Nx-Os

Affected Vendors

Cisco

References (6)

Mitigation http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

Not Applicable http://www.securityfocus.com/bid/93409

Not Applicable http://www.securitytracker.com/id/1036946

Mitigation http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

Not Applicable http://www.securityfocus.com/bid/93409

Not Applicable http://www.securitytracker.com/id/1036946

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 15/34 · Moderate

Exposure 25/34 · High