CVE-2016-1465
First published: Thu Jul 28 2016(Updated: )
Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Discovery Protocol packet that triggers an out-of-bounds memory access, aka Bug ID CSCuw57985.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco NX-OS | =4.0\(4\)sv1\(1\) | |
| Cisco NX-OS | =4.0\(4\)sv1\(2\) | |
| Cisco NX-OS | =4.0\(4\)sv1\(3\) | |
| Cisco NX-OS | =4.0\(4\)sv1\(3a\) | |
| Cisco NX-OS | =4.0\(4\)sv1\(3b\) | |
| Cisco NX-OS | =4.0\(4\)sv1\(3c\) | |
| Cisco NX-OS | =4.0\(4\)sv1\(3d\) | |
| Cisco NX-OS | =4.2\(1\)sv1\(4\) | |
| Cisco NX-OS | =4.2\(1\)sv1\(4a\) | |
| Cisco NX-OS | =4.2\(1\)sv1\(4b\) | |
| Cisco NX-OS | =4.2\(1\)sv1\(5.1\) | |
| Cisco NX-OS | =4.2\(1\)sv1\(5.1a\) | |
| Cisco NX-OS | =4.2\(1\)sv1\(5.2\) | |
| Cisco NX-OS | =4.2\(1\)sv1\(5.2b\) | |
| Cisco NX-OS | =4.2\(1\)sv2\(1.1\) | |
| Cisco NX-OS | =4.2\(1\)sv2\(1.1a\) | |
| Cisco NX-OS | =4.2\(1\)sv2\(2.1\) | |
| Cisco NX-OS | =4.2\(1\)sv2\(2.1a\) | |
| Cisco NX-OS | =5.2\(1\)sv3\(1.1\) | |
| Cisco NX-OS | =5.2\(1\)sv3\(1.3\) | |
| Cisco NX-OS | =5.2\(1\)sv3\(1.4\) | |
| Cisco Nexus 1000V for Hyper-V |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1465?
The severity of CVE-2016-1465 is classified as high, leading to potential denial of service.
How do I fix CVE-2016-1465?
To resolve CVE-2016-1465, upgrade your Cisco Nexus 1000V devices to a version that is 5.2(1)SV3(1.5i) or later.
What does CVE-2016-1465 affect?
CVE-2016-1465 affects Cisco Nexus 1000V Application Virtual Switch devices running vulnerable versions of NX-OS.
What type of vulnerability is CVE-2016-1465?
CVE-2016-1465 is a remote denial-of-service vulnerability caused by out-of-bounds memory access.
Can CVE-2016-1465 be exploited remotely?
Yes, CVE-2016-1465 can be exploited remotely by sending a crafted Cisco Discovery Protocol packet.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco nx-os
- version/cisco nx-os/4.0\(4\)sv1\(1\)
- version/cisco nx-os/4.0\(4\)sv1\(2\)
- version/cisco nx-os/4.0\(4\)sv1\(3\)
- version/cisco nx-os/4.0\(4\)sv1\(3a\)
- version/cisco nx-os/4.0\(4\)sv1\(3b\)
- version/cisco nx-os/4.0\(4\)sv1\(3c\)
- version/cisco nx-os/4.0\(4\)sv1\(3d\)
- version/cisco nx-os/4.2\(1\)sv1\(4\)
- version/cisco nx-os/4.2\(1\)sv1\(4a\)
- version/cisco nx-os/4.2\(1\)sv1\(4b\)
- version/cisco nx-os/4.2\(1\)sv1\(5.1\)
- version/cisco nx-os/4.2\(1\)sv1\(5.1a\)
- version/cisco nx-os/4.2\(1\)sv1\(5.2\)
- version/cisco nx-os/4.2\(1\)sv1\(5.2b\)
- version/cisco nx-os/4.2\(1\)sv2\(1.1\)
- version/cisco nx-os/4.2\(1\)sv2\(1.1a\)
- version/cisco nx-os/4.2\(1\)sv2\(2.1\)
- version/cisco nx-os/4.2\(1\)sv2\(2.1a\)
- version/cisco nx-os/5.2\(1\)sv3\(1.1\)
- version/cisco nx-os/5.2\(1\)sv3\(1.3\)
- version/cisco nx-os/5.2\(1\)sv3\(1.4\)
- canonical/cisco nexus 1000v for hyper-v