10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
GNU C library (glibc) vulnerability that has been referred to as GHOST affects BM/Cisco Switches and Directors
CVEID:CVE-2015-0235
**DESCRIPTION:**The gethostbyname functions of the GNU C Library (glibc) are vulnerable to a buffer overflow. By sending a specially crafted, but valid hostname argument, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the targeted process or cause the process to crash. The impact of an attack depends on the implementation details of the targeted application or operating system. This issue is being referred to as the βGhostβ vulnerability.
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100386for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Cisco switches running the 6.2.x and 5.2.x releases
IBM MTM:
9710-E06MDS 9706 Director
9711-S48MDS 9148S Switch
9710-E01MDS 9250i Multilayer Fabric Switch
9710-E08MDS 9710 Director
2054-E01MDS 9222i Multilayer Fabric Switch
2054-E04(2062-D04) MDS 9506 Multilayer Director
**2054-E11 (**2062-E11) MDS 9513 Multilayer Director
2054-E07(2062-D07) MDS 9509 Multilayer Director
2053-424(2417-C24) MDS 9124 Fabric Switch
2053-434(2053-S34) MDS 9134 Fabric Switch
2417-C48MDS 9148 Fabric Switch
3722-S515010 Switch
3722-S525020 Switch
Release 5.2.8f:
_<http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/5_2/release/notes/nx-os/mds_nxos_rn_528f.html>_
Release 6.2.11b:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/6_2/release/notes/nx-os/mds_nxos_rn_6_2_11b.html
NA