Vulnerability Details : CVE-2015-4323
Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices 7.3(0)ZN(0.9); and MDS 9000 devices 6.2(13) and 7.1(0)ZN(91.99) and MDS SAN-OS 7.1(0)ZN(91.99) allows remote attackers to cause a denial of service (device outage) via a crafted ARP packet, related to incorrect MTU validation, aka Bug IDs CSCuv71933, CSCuv61341, CSCuv61321, CSCuu78074, CSCut37060, CSCuv61266, CSCuv61351, CSCuv61358, and CSCuv61366.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2015-4323
- cpe:2.3:o:cisco:nx-os:4.1\(2\)e1\(1b\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:6.2\(14\)s1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:6.0\(2\)u5\(1.41\):*:*:*:*:*:*:* (when used together with: Cisco » Nexus 31128pq)
- cpe:2.3:o:cisco:nx-os:7.0\(3\)i2\(0.373\):*:*:*:*:*:*:* (when used together with: Cisco » Nexus 31128pq)
- cpe:2.3:o:cisco:nx-os:7.3\(0\)zn\(0.83\):*:*:*:*:*:*:* (when used together with: Cisco » Nexus 31128pq)
- cpe:2.3:o:cisco:nx-os:7.3\(0\)zn\(0.9\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:mds_9000_nx-os:6.2\(13\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:mds_9000_nx-os:7.1\(0\)zn\(91.99\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4323
- EPSS score: 0.44% (probability of exploitation activity in the next 30 days)
- Percentile: ~71% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-4323
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1 | MEDIUM | AV:A/AC:L/Au:N/C:N/I:N/A:C | 6.5 | 6.9 | NIST | |
CWE ids for CVE-2015-4323
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4323
- http://www.securityfocus.com/bid/76367
  Multiple Cisco Nexus Devices CVE-2015-4323 Denial of Service Vulnerability
- http://www.securitytracker.com/id/1033321
  Cisco NX-OS ARP Processing Input Validation Flaw Lets Remote Users Deny Service - SecurityTracker
- http://tools.cisco.com/security/center/viewAlert.x?alertId=40469
  Cisco Nexus Operating System Address Resolution Protocol Denial of Service Vulnerability (Vendor Advisory)