Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability

2016-10-05T16:00:00
ID CISCO-SA-20161005-OTV
Type cisco
Reporter Cisco
Modified 2016-10-05T14:17:26

Description

A vulnerability in the Overlay Transport Virtualization (OTV) generic routing encapsulation (GRE) implementation of the Cisco Nexus 7000 and 7700 Series Switches could allow an unauthenticated, adjacent attacker to cause a reload of the affected system or to remotely execute code.

The vulnerability is due to incomplete input validation performed on the size of OTV packet header parameters, which can result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted OTV UDP packet to the OTV interface on an affected device. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the OTV related process on the affected device.

Cisco has released software updates that address this vulnerability. A workaround to mitigate this vulnerability is available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-otv["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-otv"]