Lucene search

[email protected]CVE-2018-0311

HistoryJun 21, 2018 - 11:29 a.m.

CVE-2018-0311

2018-06-2111:29:00

CWE-119

CWE-399

[email protected]

web.nvd.nist.gov

cisco

fabric services

vulnerability

dos

remote attack

buffer overflow

firepower

nexus

mds

ucs

nvd

cve-2018-0311

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.9%

JSON

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could cause process crashes and result in a DoS condition on the device. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69960, CSCve02463, CSCve04859, CSCve41530, CSCve41537, CSCve41541, CSCve41557.

Affected configurations

NVD

Node

cisconx-osMatch7.0\(0\)hsk\(0.357\)

cisconx-osMatch8.1\(0.2\)s0

cisconx-osMatch8.8\(0.1\)

AND

cisconexus_5000Match-

cisconexus_5010Match-

cisconexus_5020Match-

cisconexus_5548pMatch-

cisconexus_5548upMatch-

cisconexus_5596tMatch-

cisconexus_5596upMatch-

cisconexus_56128pMatch-

cisconexus_5624qMatch-

cisconexus_5648qMatch-

cisconexus_5672upMatch-

cisconexus_5696qMatch-

Node

cisconx-osMatch8.0\(1\)

AND

cisconexus_7000Match-

cisconexus_7700Match-

Node

cisconx-osMatch8.8\(3.5\)s0

AND

cisconexus_92160yc-xMatch-

cisconexus_92304qcMatch-

cisconexus_9236cMatch-

cisconexus_9272qMatch-

cisconexus_93108tc-exMatch-

cisconexus_93120txMatch-

cisconexus_93128txMatch-

cisconexus_93180yc-exMatch-

cisconexus_9332pqMatch-

cisconexus_9372pxMatch-

cisconexus_9372txMatch-

cisconexus_9396pxMatch-

cisconexus_9396txMatch-

cisconexus_9504Match-

cisconexus_9508Match-

cisconexus_9516Match-

cisconexus_n9k-c9508-fm-rMatch-

cisconexus_n9k-x9636c-rMatch-

cisconexus_n9k-x9636q-rMatch-

Node

cisconx-osMatch6.0\(2\)a8\(9\)

cisconx-osMatch7.0\(3\)i4\(7\)

cisconx-osMatch7.0\(3\)i6\(2\)

AND

cisconexus_172tq-xlMatch-

cisconexus_3016Match-

cisconexus_3048Match-

cisconexus_3064-32tMatch-

cisconexus_3064-tMatch-

cisconexus_3064-xMatch-

cisconexus_3100-vMatch-

cisconexus_31128pqMatch-

cisconexus_3132c-zMatch-

cisconexus_3132qMatch-

cisconexus_3132q-xMatch-

cisconexus_3132q-xlMatch-

cisconexus_3164qMatch-

cisconexus_3172pqMatch-

cisconexus_3172pq-xlMatch-

cisconexus_3172tqMatch-

cisconexus_3172tq-32tMatch-

cisconexus_3232cMatch-

cisconexus_3264c-eMatch-

cisconexus_3264qMatch-

cisconexus_34180ycMatch-

cisconexus_3524-xMatch-

cisconexus_3524-xlMatch-

cisconexus_3548Match-

cisconexus_3548-xMatch-

cisconexus_3548-xlMatch-

cisconexus_3636c-rMatch-

cisconexus_c36180yc-rMatch-

Node

cisconx-osRange<7.3\(3\)n1\(1\)

AND

cisconexus_2148tMatch-

cisconexus_2224tp_geMatch-

cisconexus_2232pp_10geMatch-

cisconexus_2232tm-e_10geMatch-

cisconexus_2232tm_10geMatch-

cisconexus_2248pq_10geMatch-

cisconexus_2248tp-eMatch-

cisconexus_2248tp_geMatch-

Node

cisconx-osMatch7.0\(0\)hsk\(0.357\)

cisconx-osMatch8.1\(0.2\)s0

cisconx-osMatch8.8\(0.1\)

AND

cisconexus_6001pMatch-

cisconexus_6001tMatch-

Node

cisconx-osRange<3.2\(b\)

AND

ciscoucs_6120xpMatch-

ciscoucs_6140xpMatch-

ciscoucs_6248upMatch-

ciscoucs_6296upMatch-

ciscoucs_6324Match-

ciscoucs_6332Match-

Node

ciscofirepower_extensible_operating_systemRange1.1–1.1.4.179

ciscofirepower_extensible_operating_systemRange2.0–2.0.1.153

ciscofirepower_extensible_operating_systemRange2.1.1–2.1.1.86

ciscofirepower_extensible_operating_systemRange2.2.1–2.2.1.70

ciscofirepower_extensible_operating_systemRange2.2.2–2.2.2.17

AND

ciscofirepower_4110Match-

ciscofirepower_4120Match-

ciscofirepower_4140Match-

ciscofirepower_4150Match-

Node

ciscofirepower_extensible_operating_systemRange1.1–1.1.4.179

ciscofirepower_extensible_operating_systemRange2.0–2.0.1.153

ciscofirepower_extensible_operating_systemRange2.1.1–2.1.1.86

ciscofirepower_extensible_operating_systemRange2.2.1–2.2.1.70

ciscofirepower_extensible_operating_systemRange2.2.2–2.2.2.17

AND

ciscofirepower_9300_security_applianceMatch-

CPENameOperatorVersion
cisco:nx-oscisco nx-oseq7.0\(0\)hsk\(0.357\)
cisco:nx-oscisco nx-oseq8.1\(0.2\)s0
cisco:nx-oscisco nx-oseq8.8\(0.1\)

CPE	Name	Operator	Version
cisco:nx-os	cisco nx-os	eq	7.0\(0\)hsk\(0.357\)
cisco:nx-os	cisco nx-os	eq	8.1\(0.2\)s0
cisco:nx-os	cisco nx-os	eq	8.8\(0.1\)

CNA Affected

[
  {
    "product": "Cisco FXOS and NX-OS unknown",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco FXOS and NX-OS unknown"
      }
    ]
  }
]

References

www.securitytracker.com/id/1041169

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-services-dos

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.9%

JSON

Related for CVE-2018-0311

nvd1 prion1 cvelist1 nessus2 cisco1