Lucene search

CiscoCVE-2018-0304

HistoryJun 20, 2018 - 9:29 p.m.

CVE-2018-0304

2018-06-2021:29:00

CWE-125

CWE-20

cisco

web.nvd.nist.gov

cisco

fabric services

vulnerability

cve-2018-0304

security

fxos software

nx-os software

denial of service

dos

remote attack

root access

buffer overflow

nexus

firepower

mds

ucs

nvd

cscvd69951

cscve02459

cscve02461

cscve02463

cscve02474

cscve04859

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.035

Percentile

91.5%

JSON

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service (DoS) condition, or execute arbitrary code as root. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow or buffer overread condition in the Cisco Fabric Services component, which could allow the attacker to read sensitive memory content, create a DoS condition, or execute arbitrary code as root. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69951, CSCve02459, CSCve02461, CSCve02463, CSCve02474, CSCve04859.

Affected configurations

Nvd

Node

cisconexus_7000_firmwareMatch7.3\(2\)d1\(0.49\)

cisconexus_7000_firmwareMatch8.0\(1\)

cisconexus_7000_firmwareMatch8.1\(0.112\)s0

AND

cisconexus_7000Match-

Node

cisconexus_5000_firmwareMatch7.0\(0\)hsk\(0.357\)

cisconexus_5000_firmwareMatch7.3\(0\)d1\(0.98\)

cisconexus_5000_firmwareMatch8.1\(0.2\)s0

AND

cisconexus_5000Match-

Node

ciscofirepower_9000_firmwareMatchr211

ciscofirepower_9000_firmwareMatchr231

AND

ciscofirepower_9000Match-

Node

cisconexus_9000_firmwareMatch8.1\(0\)bd\(0.20\)

cisconexus_9000_firmwareMatch8.1\(1\)s4

AND

cisconexus_9000Match-

Node

ciscounified_computing_system_firmwareMatch3.1\(3a\)a

ciscounified_computing_system_firmwareMatch7.0\(0\)hsk\(0.357\)

AND

ciscounified_computing_systemMatch-

VendorProductVersionCPE
cisconexus_7000_firmware7.3(2)d1(0.49)cpe:2.3:o:cisco:nexus_7000_firmware:7.3\(2\)d1\(0.49\):*:*:*:*:*:*:*
cisconexus_7000_firmware8.0(1)cpe:2.3:o:cisco:nexus_7000_firmware:8.0\(1\):*:*:*:*:*:*:*
cisconexus_7000_firmware8.1(0.112)s0cpe:2.3:o:cisco:nexus_7000_firmware:8.1\(0.112\)s0:*:*:*:*:*:*:*
cisconexus_7000-cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*
cisconexus_5000_firmware7.0(0)hsk(0.357)cpe:2.3:o:cisco:nexus_5000_firmware:7.0\(0\)hsk\(0.357\):*:*:*:*:*:*:*
cisconexus_5000_firmware7.3(0)d1(0.98)cpe:2.3:o:cisco:nexus_5000_firmware:7.3\(0\)d1\(0.98\):*:*:*:*:*:*:*
cisconexus_5000_firmware8.1(0.2)s0cpe:2.3:o:cisco:nexus_5000_firmware:8.1\(0.2\)s0:*:*:*:*:*:*:*
cisconexus_5000-cpe:2.3:h:cisco:nexus_5000:-:*:*:*:*:*:*:*
ciscofirepower_9000_firmwarer211cpe:2.3:o:cisco:firepower_9000_firmware:r211:*:*:*:*:*:*:*
ciscofirepower_9000_firmwarer231cpe:2.3:o:cisco:firepower_9000_firmware:r231:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	nexus_7000_firmware	7.3(2)d1(0.49)	cpe:2.3:o:cisco:nexus_7000_firmware:7.3\(2\)d1\(0.49\):::::::*
cisco	nexus_7000_firmware	8.0(1)	cpe:2.3:o:cisco:nexus_7000_firmware:8.0\(1\):::::::*
cisco	nexus_7000_firmware	8.1(0.112)s0	cpe:2.3:o:cisco:nexus_7000_firmware:8.1\(0.112\)s0:::::::*
cisco	nexus_7000	-	cpe:2.3:h:cisco:nexus_7000:-:::::::*
cisco	nexus_5000_firmware	7.0(0)hsk(0.357)	cpe:2.3:o:cisco:nexus_5000_firmware:7.0\(0\)hsk\(0.357\):::::::*
cisco	nexus_5000_firmware	7.3(0)d1(0.98)	cpe:2.3:o:cisco:nexus_5000_firmware:7.3\(0\)d1\(0.98\):::::::*
cisco	nexus_5000_firmware	8.1(0.2)s0	cpe:2.3:o:cisco:nexus_5000_firmware:8.1\(0.2\)s0:::::::*
cisco	nexus_5000	-	cpe:2.3:h:cisco:nexus_5000:-:::::::*
cisco	firepower_9000_firmware	r211	cpe:2.3:o:cisco:firepower_9000_firmware:r211:::::::*
cisco	firepower_9000_firmware	r231	cpe:2.3:o:cisco:firepower_9000_firmware:r231:::::::*

Rows per page:

1-10 of 171

CNA Affected

[
  {
    "product": "Cisco FXOS and NX-OS unknown",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco FXOS and NX-OS unknown"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104513

www.securitytracker.com/id/1041169

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-ace

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.035

Percentile

91.5%

JSON

Related for CVE-2018-0304