Vulnerability Description
Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Computing System 6120Xp Fabric Interconnect | - |
| Cisco | Unified Computing System 6140Xp Fabric Interconnect | - |
| Cisco | Unified Computing System 6248Up Fabric Interconnect | - |
| Cisco | Unified Computing System 6296Up Fabric Interconnect | - |
| Cisco | Unified Computing System Infrastructure And Unified Computing System Software | 1.4\(1j\) |
| Cisco | Cg-Os | cg4 |
| Cisco | Cgr 1120 | - |
| Cisco | Cgr 1240 | - |
| Cisco | Nx-Os | 5.2 |
| Cisco | Nexus 7000 | - |
| Cisco | Nexus 7000 10-Slot | - |
| Cisco | Nexus 7000 18-Slot | - |
| Cisco | Nexus 7000 9-Slot | - |
| Cisco | Nexus 3016Q | - |
| Cisco | Nexus 3048 | - |
| Cisco | Nexus 3064T | - |
| Cisco | Nexus 3064X | - |
| Cisco | Nexus 3548 | - |
| Cisco | Nexus 5000 | - |
| Cisco | Nexus 5010 | - |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
FAQ
What is CVE-2014-3261?
CVE-2014-3261 is a vulnerability with a CVSS score of 7.6 (HIGH). Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, N...
How severe is CVE-2014-3261?
CVE-2014-3261 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3261?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Computing System 6120Xp Fabric Interconnect, Cisco Unified Computing System 6140Xp Fabric Interconnect, Cisco Unified Computing System 6248Up Fabric Interconnect, Cisco Unified Computing System 6296Up Fabric Interconnect, Cisco Unified Computing System Infrastructure And Unified Computing System Software.