CVE-2016-1454

EPSS 1.4%
Published 06.10.2016 10:59:03
Last modified 12.04.2025 10:46:40
Source psirt@cisco.com
Teams watchlist Login
Open Login

Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload) by leveraging a peer relationship to send a crafted BGP UPDATE message, aka Bug IDs CSCuq77105 and CSCux11417.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Nx-os Version < 6.0\(2\)u6\(7\)

   Cisco ≫ Nexus 3016 Version-
   Cisco ≫ Nexus 3048 Version-
   Cisco ≫ Nexus 31108pc-v Version-
   Cisco ≫ Nexus 31108tc-v Version-
   Cisco ≫ Nexus 31128pq Version-
   Cisco ≫ Nexus 3132q Version-
   Cisco ≫ Nexus 3132q-v Version-
   Cisco ≫ Nexus 3164q Version-
   Cisco ≫ Nexus 3172 Version-
   Cisco ≫ Nexus 3232c Version-
   Cisco ≫ Nexus 3264q Version-

Cisco ≫ Nx-os Version >= 6.1 < 7.0\(3\)i4\(1\)

Cisco ≫ Nx-os Version < 7.1\(4\)n1\(1\)

   Cisco ≫ 5548p Version-
   Cisco ≫ 5548up Version-
   Cisco ≫ 5596t Version-
   Cisco ≫ 5596up Version-
   Cisco ≫ 56128p Version-
   Cisco ≫ 5624q Version-
   Cisco ≫ 5648q Version-
   Cisco ≫ 5672up Version-
   Cisco ≫ 5672up-16g Version-
   Cisco ≫ 5696q Version-
   Cisco ≫ Nexus 6001 Version-
   Cisco ≫ Nexus 6004 Version-

Cisco ≫ Nx-os Version >= 7.2 < 7.2\(2\)n1\(1\)

Cisco ≫ Nx-os Version >= 7.3 < 7.3\(0\)n1\(1\)

Cisco ≫ Nx-os Version < 5.2

Cisco ≫ Nexus 5010 Version-
Cisco ≫ Nexus 5020 Version-

Cisco ≫ Nx-os Version < 7.2\(2\)d1\(1\)

   Cisco ≫ Nexus 7000 10-slot Version-
   Cisco ≫ Nexus 7000 18-slot Version-
   Cisco ≫ Nexus 7000 4-slot Version-
   Cisco ≫ Nexus 7000 9-slot Version-
   Cisco ≫ Nexus 7700 10-slot Version-
   Cisco ≫ Nexus 7700 18-slot Version-
   Cisco ≫ Nexus 7700 2-slot Version-
   Cisco ≫ Nexus 7700 6-slot Version-

Cisco ≫ Nx-os Version >= 7.3 < 7.3\(1\)d1\(1\)

Cisco ≫ Nx-os Version < 5.2\(1\)sv3\(1.15\)

Cisco ≫ Nexus 1000v For Vmware Vsphere Version-

Cisco ≫ Nx-os Version >= 6.1 < 7.0\(3\)i4\(1\)

   Cisco ≫ Nexus 92160yc-x Version-
   Cisco ≫ Nexus 92304qc Version-
   Cisco ≫ Nexus 9236c Version-
   Cisco ≫ Nexus 9272q Version-
   Cisco ≫ Nexus 93108tc-ex Version-
   Cisco ≫ Nexus 93120tx Version-
   Cisco ≫ Nexus 93128tx Version-
   Cisco ≫ Nexus 93180yc-ex Version-
   Cisco ≫ Nexus 9332pq Version-
   Cisco ≫ Nexus 9336pq Aci Spine Version-
   Cisco ≫ Nexus 9372px Version-
   Cisco ≫ Nexus 9372tx Version-
   Cisco ≫ Nexus 9396px Version-
   Cisco ≫ Nexus 9396tx Version-
   Cisco ≫ Nexus 9504 Version-
   Cisco ≫ Nexus 9508 Version-
   Cisco ≫ Nexus 9516 Version-

Cisco ≫ Nx-os Version >= 11.0 < 11.1\(1j\)

Cisco ≫ Nx-os Version < 6.0\(2\)a8\(1\)

Cisco ≫ Nexus 3524 Version-
Cisco ≫ Nexus 3548 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.4%	0.786

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-bgp

Vendor Advisory

http://www.securityfocus.com/bid/93417

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1036950

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-1454

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1454

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1454

EUVD