Lucene search

[email protected]CVE-2018-0092

HistoryJan 18, 2018 - 6:29 a.m.

CVE-2018-0092

2018-01-1806:29:00

CWE-264

CWE-862

[email protected]

web.nvd.nist.gov

cisco

nx-os

system software

vulnerability

cve-2018-0092

authentication

rbac

cisco bug id

nvd

nexus 3000

nexus 3600

nexus 9000

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other configured users on the device. The vulnerability is due to a lack of proper role-based access control (RBAC) checks for the actions that a user with the network-operator role is allowed to perform. An attacker could exploit this vulnerability by authenticating to the device with user credentials that give that user the network-operator role. Successful exploitation could allow the attacker to impact the integrity of the device by deleting configured user credentials. The attacker would need valid user credentials for the device. This vulnerability affects the following Cisco products running Cisco NX-OS System Software: Nexus 3000 Series Switches, Nexus 3600 Platform Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvg21120.

Affected configurations

NVD

Node

cisconx-osMatch7.0\(3\)i5\(2\)

cisconx-osMatch7.0\(3\)i6\(1\)

cisconx-osMatch7.0\(3\)i7\(1\)

AND

cisconexus_92160yc_switchMatch-

cisconexus_92300yc_switchMatch-

cisconexus_92304qc_switchMatch-

cisconexus_9236c_switchMatch-

cisconexus_9272q_switchMatch-

cisconexus_93108tc-ex_switchMatch-

cisconexus_93120tx_switchMatch-

cisconexus_93128tx_switchMatch-

cisconexus_93180lc-ex_switchMatch-

cisconexus_93180yc-ex_switchMatch-

cisconexus_9332pq_switchMatch-

cisconexus_9336pq_aci_spine_switchMatch-

cisconexus_9372px-e_switchMatch-

cisconexus_9372px_switchMatch-

cisconexus_9372tx-e_switchMatch-

cisconexus_9372tx_switchMatch-

cisconexus_9396px_switchMatch-

cisconexus_9396tx_switchMatch-

cisconexus_9508_switchMatch-

CPENameOperatorVersion
cisco:nx-oscisco nx-oseq7.0\(3\)i5\(2\)
cisco:nx-oscisco nx-oseq7.0\(3\)i6\(1\)
cisco:nx-oscisco nx-oseq7.0\(3\)i7\(1\)

CPE	Name	Operator	Version
cisco:nx-os	cisco nx-os	eq	7.0\(3\)i5\(2\)
cisco:nx-os	cisco nx-os	eq	7.0\(3\)i6\(1\)
cisco:nx-os	cisco nx-os	eq	7.0\(3\)i7\(1\)

CNA Affected

[
  {
    "product": "Cisco NX-OS",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco NX-OS"
      }
    ]
  }
]

References

www.securityfocus.com/bid/102750

www.securitytracker.com/id/1040248

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos1

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2018-0092

prion1 cisco1 nvd1 nessus1 cvelist1