CVE-2014-3261

Published: May 26, 2014Modified: May 6, 2026

7.6

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability: 4.9 / Impact: 10.0

Source: NVD

Description

Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322.

Affected (75)

Products: Cisco: Unified Computing System 6120xp Fabric Interconnect, Unified Computing System 6140xp Fabric Interconnect, Unified Computing System 6248up Fabric Interconnect, Unified Computing System 6296up Fabric Interconnect, Cg Os, Cgr 1120, Cgr 1240, Nx Os, Nexus 7000, Nexus 7000 10 Slot, Nexus 7000 18 Slot, Nexus 7000 9 Slot, Unified Computing System Infrastructure And Unified Computing System Software, Nexus 3016q, Nexus 3048, Nexus 3064t, Nexus 3064x, Nexus 3548, Nexus 5000, Nexus 5010, Nexus 5010p Switch, Nexus 5020, Nexus 5020p Switch, Nexus 5548p, Nexus 5548up, Nexus 5596up, Nexus 4001i

Cisco

27 products

Unified Computing System 6120xp Fabric Interconnect

Unified Computing System 6140xp Fabric Interconnect

Unified Computing System 6248up Fabric Interconnect

Unified Computing System 6296up Fabric Interconnect

Unified Computing System Infrastructure And Unified Computing System Software

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Computing System 6120xp Fabric Interconnect	All versions
Cisco Unified Computing System 6140xp Fabric Interconnect	All versions
Cisco Unified Computing System 6248up Fabric Interconnect	All versions
Cisco Unified Computing System 6296up Fabric Interconnect	All versions

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Cisco Cg Os	Version cg4
Cisco Cg Os	Version cg4(1)
Cisco Cgr 1120	All versions
Cisco Cgr 1240	All versions

Configuration C

7 vulnerable

Vulnerable Software	Affected Versions
Cisco Nx Os	Version 5.2
Cisco Nx Os	Version 5.2(1)
Cisco Nx Os	Version 5.2(3)
Cisco Nexus 7000	All versions
Cisco Nexus 7000 10 Slot	All versions
Cisco Nexus 7000 18 Slot	All versions
Cisco Nexus 7000 9 Slot	All versions

Configuration D

7 vulnerable

Vulnerable Software	Affected Versions
Cisco Nx Os	All versions
Cisco Unified Computing System Infrastructure And Unified Computing System Software	Version 1.4(1j)
Cisco Nexus 3016q	All versions
Cisco Nexus 3048	All versions
Cisco Nexus 3064t	All versions
Cisco Nexus 3064x	All versions
Cisco Nexus 3548	All versions

Configuration E

51 vulnerable

Vulnerable Software	Affected Versions
Cisco Nx Os	Version 5.0
Cisco Nx Os	Version 5.0(2)
Cisco Nx Os	Version 5.0(2)n1(1)
Cisco Nx Os	Version 5.0(2)n2(1)
Cisco Nx Os	Version 5.0(2)n2(1a)
Cisco Nx Os	Version 5.0(2a)
Cisco Nx Os	Version 5.0(3)
Cisco Nx Os	Version 5.0(3)n1(1)
Cisco Nx Os	Version 5.0(3)n1(1a)
Cisco Nx Os	Version 5.0(3)n1(1b)
Cisco Nx Os	Version 5.0(3)n1(1c)
Cisco Nx Os	Version 5.0(3)n2(1)
Cisco Nx Os	Version 5.0(3)n2(2)
Cisco Nx Os	Version 5.0(3)n2(2a)
Cisco Nx Os	Version 5.0(3)n2(2b)
Cisco Nx Os	Version 5.0(3)u1(1a)
Cisco Nx Os	Version 5.0(3)u1(1b)
Cisco Nx Os	Version 5.0(3)u1(1d)
Cisco Nx Os	Version 5.0(3)u1(2)
Cisco Nx Os	Version 5.0(3)u1(2a)
Cisco Nx Os	Version 5.0(3)u2(1)
Cisco Nx Os	Version 5.0(3)u2(2)
Cisco Nx Os	Version 5.0(3)u2(2a)
Cisco Nx Os	Version 5.0(3)u2(2b)
Cisco Nx Os	Version 5.0(3)u2(2c)
Cisco Nx Os	Version 5.0(3)u2(2d)
Cisco Nx Os	Version 5.0(3)u3(1)
Cisco Nx Os	Version 5.0(3)u3(2)
Cisco Nx Os	Version 5.0(3)u3(2a)
Cisco Nx Os	Version 5.0(3)u3(2b)
Cisco Nx Os	Version 5.0(3)u4(1)
Cisco Nx Os	Version 5.0(3)u5(1)
Cisco Nx Os	Version 5.0(3)u5(1a)
Cisco Nx Os	Version 5.0(3)u5(1b)
Cisco Nx Os	Version 5.0(3)u5(1c)
Cisco Nx Os	Version 5.0(3)u5(1d)
Cisco Nx Os	Version 5.0(3)u5(1e)
Cisco Nx Os	Version 5.0(5)
Cisco Nx Os	Version 5.1
Cisco Nx Os	Version 5.1(1)
Cisco Nx Os	Version 5.1(1a)
Cisco Nx Os	Version 5.1(2)
Cisco Nx Os	Version 5.1(3)
Cisco Nexus 5000	All versions
Cisco Nexus 5010	All versions
Cisco Nexus 5010p Switch	All versions
Cisco Nexus 5020	All versions
Cisco Nexus 5020p Switch	All versions
Cisco Nexus 5548p	All versions
Cisco Nexus 5548up	All versions
Cisco Nexus 5596up	All versions

Configuration F

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Nx Os	Version 4.1.(2)
Cisco Nexus 4001i	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.