Lucene search

[email protected]CVE-2018-0310

HistoryJun 21, 2018 - 11:29 a.m.

CVE-2018-0310

2018-06-2111:29:00

CWE-399

CWE-125

[email protected]

web.nvd.nist.gov

cisco

vulnerability

fabric services

fxos

nx-os

unauthenticated

remote attacker

dos

memory

nvd

cve-2018-0310

security advisory

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.6%

JSON

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overread condition, which could allow the attacker to obtain sensitive information from memory or cause a DoS condition on the affected product. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69957, CSCve02435, CSCve04859, CSCve41536, CSCve41538, CSCve41559.

Affected configurations

NVD

Node

cisconx-osMatch7.0\(0\)hsk\(0.357\)

cisconx-osMatch8.1\(0.2\)s0

cisconx-osMatch8.8\(0.1\)

AND

cisconexus_5000Match-

cisconexus_5010Match-

cisconexus_5020Match-

cisconexus_5548pMatch-

cisconexus_5548upMatch-

cisconexus_5596tMatch-

cisconexus_5596upMatch-

cisconexus_56128pMatch-

cisconexus_5624qMatch-

cisconexus_5648qMatch-

cisconexus_5672upMatch-

cisconexus_5696qMatch-

Node

cisconexus_7000Match-

cisconexus_7700Match-

AND

cisconx-osMatch8.0\(1\)

Node

cisconexus_92160yc-xMatch-

cisconexus_92304qcMatch-

cisconexus_9236cMatch-

cisconexus_9272qMatch-

cisconexus_93108tc-exMatch-

cisconexus_93120txMatch-

cisconexus_93128txMatch-

cisconexus_93180yc-exMatch-

cisconexus_9332pqMatch-

cisconexus_9372pxMatch-

cisconexus_9372txMatch-

cisconexus_9396pxMatch-

cisconexus_9396txMatch-

cisconexus_9504Match-

cisconexus_9508Match-

cisconexus_9516Match-

cisconexus_n9k-c9508-fm-rMatch-

cisconexus_n9k-x9636c-rMatch-

cisconexus_n9k-x9636q-rMatch-

AND

cisconx-osMatch8.8\(3.5\)s0

Node

cisconexus_172tq-xlMatch-

cisconexus_3016Match-

cisconexus_3048Match-

cisconexus_3064-32tMatch-

cisconexus_3064-tMatch-

cisconexus_3064-xMatch-

cisconexus_3100-vMatch-

cisconexus_31128pqMatch-

cisconexus_3132c-zMatch-

cisconexus_3132qMatch-

cisconexus_3132q-xMatch-

cisconexus_3132q-xlMatch-

cisconexus_3164qMatch-

cisconexus_3172pqMatch-

cisconexus_3172pq-xlMatch-

cisconexus_3172tqMatch-

cisconexus_3172tq-32tMatch-

cisconexus_3232cMatch-

cisconexus_3264c-eMatch-

cisconexus_3264qMatch-

cisconexus_34180ycMatch-

cisconexus_3524-xMatch-

cisconexus_3524-xlMatch-

cisconexus_3548Match-

cisconexus_3548-xMatch-

cisconexus_3548-xlMatch-

cisconexus_3636c-rMatch-

cisconexus_c36180yc-rMatch-

AND

cisconx-osMatch7.0\(3\)i4\(7\)

cisconx-osMatch7.0\(3\)i7\(1\)

Node

cisconexus_2148tMatch-

cisconexus_2224tp_geMatch-

cisconexus_2232pp_10geMatch-

cisconexus_2232tm-e_10geMatch-

cisconexus_2232tm_10geMatch-

cisconexus_2248pq_10geMatch-

cisconexus_2248tp-eMatch-

cisconexus_2248tp_geMatch-

AND

cisconx-osMatch7.0\(0\)hsk\(0.357\)

cisconx-osMatch8.1\(0.2\)s0

cisconx-osMatch8.8\(0.1\)

Node

cisconexus_6001pMatch-

cisconexus_6001tMatch-

AND

cisconx-osMatch7.0\(0\)hsk\(0.357\)

cisconx-osMatch8.1\(0.2\)s0

cisconx-osMatch8.8\(0.1\)

Node

ciscoucs_6120xpMatch-

ciscoucs_6140xpMatch-

ciscoucs_6248upMatch-

ciscoucs_6296upMatch-

ciscoucs_6324Match-

ciscoucs_6332Match-

AND

cisconx-osMatch3.1\(3a\)a

cisconx-osMatch9.9\(0.902\)

Node

ciscofirepower_4110Match-

ciscofirepower_4120Match-

ciscofirepower_4140Match-

ciscofirepower_4150Match-

AND

ciscofirepower_extensible_operating_systemRange1.1–1.1.4.179

ciscofirepower_extensible_operating_systemRange2.0–2.0.1.153

ciscofirepower_extensible_operating_systemRange2.1.1–2.1.1.86

ciscofirepower_extensible_operating_systemRange2.2.1–2.2.1.70

ciscofirepower_extensible_operating_systemRange2.2.2–2.2.2.17

Node

ciscofirepower_9300_security_applianceMatch-

AND

ciscofirepower_extensible_operating_systemRange1.1–1.1.4.179

ciscofirepower_extensible_operating_systemRange2.0–2.0.1.153

ciscofirepower_extensible_operating_systemRange2.1.1–2.1.1.86

ciscofirepower_extensible_operating_systemRange2.2.1–2.2.1.70

ciscofirepower_extensible_operating_systemRange2.2.2–2.2.2.17

CPENameOperatorVersion
cisco:nx-oscisco nx-oseq7.0\(0\)hsk\(0.357\)
cisco:nx-oscisco nx-oseq8.1\(0.2\)s0
cisco:nx-oscisco nx-oseq8.8\(0.1\)

CPE	Name	Operator	Version
cisco:nx-os	cisco nx-os	eq	7.0\(0\)hsk\(0.357\)
cisco:nx-os	cisco nx-os	eq	8.1\(0.2\)s0
cisco:nx-os	cisco nx-os	eq	8.8\(0.1\)

CNA Affected

[
  {
    "product": "Cisco FXOS and NX-OS unknown",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco FXOS and NX-OS unknown"
      }
    ]
  }
]

References

www.securitytracker.com/id/1041169

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-dos

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.6%

JSON

Related for CVE-2018-0310

nvd1 prion1 cvelist1 cisco1 nessus2