Cisco NX-OS Improper Input Validation (CVE-2014-0677)

medium Tenable OT Security Plugin ID 502712

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://osvdb.org/102368

http://secunia.com/advisories/56611

http://www.nessus.org/u?2a40cf40

http://tools.cisco.com/security/center/viewAlert.x?alertId=32532

http://www.securityfocus.com/bid/65074

http://www.securitytracker.com/id/1029691

https://exchange.xforce.ibmcloud.com/vulnerabilities/90623

Plugin Details

Severity: Medium

ID: 502712

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 12/4/2024

Updated: 12/5/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2014-0677

Vulnerability Information

CPE: cpe:/o:cisco:nx-os:-

Required KB Items: Tenable.ot/Cisco

Exploit Ease: No known exploits are available

Patch Publication Date: 1/22/2014

Vulnerability Publication Date: 1/22/2014

Reference Information

CVE: CVE-2014-0677

CWE: 20