CVE-2015-4324 : Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)Z

Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote attackers to cause a denial of service (IGMP process restart) via a malformed IGMPv3 packet that is mishandled during memory allocation, aka Bug IDs CSCuv69713, CSCuv69717, CSCuv69723, CSCuv69732, and CSCuv48908.

Published 2015-08-19 15:59:07

Updated 2025-04-12 10:46:41

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Products affected by CVE-2015-4324

Cisco » Nx-os » Version: 7.3(0)zn(0.81)
cpe:2.3:o:cisco:nx-os:7.3\(0\)zn\(0.81\):*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 3016 » Version: N/A
When used together with: Cisco » Nexus 3048 » Version: N/A
When used together with: Cisco » Nexus 3064 » Version: N/A
When used together with: Cisco » Nexus 31128pq
When used together with: Cisco » Nexus 3132q » Version: N/A
When used together with: Cisco » Nexus 3164q » Version: N/A
When used together with: Cisco » Nexus 3172 » Version: N/A
When used together with: Cisco » Nexus 3232c » Version: N/A
When used together with: Cisco » Nexus 3264q » Version: N/A
When used together with: Cisco » Nexus 3524 » Version: N/A
When used together with: Cisco » Nexus 3548 » Version: N/A
Cisco » Nx-os » Version: 4.1(2)e1(1c)
cpe:2.3:o:cisco:nx-os:4.1\(2\)e1\(1c\):*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 4001i » Version: N/A
Cisco » Nx-os » Version: 7.2(0)n1(0.1)
cpe:2.3:o:cisco:nx-os:7.2\(0\)n1\(0.1\):*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Nexus 7000 » Version: N/A
When used together with: Cisco » Nexus 7700 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2015-4324

EPSS FAQ

1.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 76 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-4324

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.1	MEDIUM	AV:A/AC:L/Au:N/C:N/I:N/A:C	6.5	6.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2015-4324

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-4324

http://tools.cisco.com/security/center/viewAlert.x?alertId=40470

Cisco NX-OS Internet Group Management Protocol Denial of Service Vulnerability
Vendor Advisory
http://www.securityfocus.com/bid/76372

Cisco NX-OS Software CVE-2015-4324 Denial of Service Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1033327

Cisco NX-OS IGMPv3 Buffer Overflow Lets Remote Users Cause the Target Service to Crash - SecurityTracker
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2015-4324

Products affected by CVE-2015-4324

Exploit prediction scoring system (EPSS) score for CVE-2015-4324

CVSS scores for CVE-2015-4324

CWE ids for CVE-2015-4324

References for CVE-2015-4324