Lucene search

CiscoCVE-2018-0312

HistoryJun 20, 2018 - 9:29 p.m.

CVE-2018-0312

2018-06-2021:29:00

CWE-119

CWE-20

cisco

web.nvd.nist.gov

cisco

fabric services

fxos software

nx-os software

vulnerability

cve-2018-0312

remote attacker

execution

denial of service

dos

buffer overflow

cisco bug ids

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.035

Percentile

91.5%

JSON

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could allow the attacker to execute arbitrary code or cause a DoS condition on the device. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69962, CSCve02808, CSCve02810, CSCve02812, CSCve02819, CSCve02822, CSCve02831, CSCve04859.

Affected configurations

Nvd

Node

cisconexus_7000_firmwareMatch7.3\(2\)d1\(0.49\)

cisconexus_7000_firmwareMatch8.0\(1\)

cisconexus_7000_firmwareMatch8.1\(0.112\)s0

AND

cisconexus_7000Match-

Node

cisconexus_5000_firmwareMatch7.0\(0\)hsk\(0.357\)

AND

cisconexus_3000Match-

Node

ciscofirepower_9000_firmwareMatchr211

ciscofirepower_9000_firmwareMatchr231

AND

ciscofirepower_9000Match-

Node

cisconexus_9000_firmwareMatch8.1\(0\)bd\(0.20\)

cisconexus_9000_firmwareMatch8.1\(1\)s4

AND

cisconexus_9000Match-

Node

ciscounified_computing_system_firmwareMatch3.1\(3a\)a

AND

ciscounified_computing_systemMatch-

VendorProductVersionCPE
cisconexus_7000_firmware7.3(2)d1(0.49)cpe:2.3:o:cisco:nexus_7000_firmware:7.3\(2\)d1\(0.49\):*:*:*:*:*:*:*
cisconexus_7000_firmware8.0(1)cpe:2.3:o:cisco:nexus_7000_firmware:8.0\(1\):*:*:*:*:*:*:*
cisconexus_7000_firmware8.1(0.112)s0cpe:2.3:o:cisco:nexus_7000_firmware:8.1\(0.112\)s0:*:*:*:*:*:*:*
cisconexus_7000-cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*
cisconexus_5000_firmware7.0(0)hsk(0.357)cpe:2.3:o:cisco:nexus_5000_firmware:7.0\(0\)hsk\(0.357\):*:*:*:*:*:*:*
cisconexus_3000-cpe:2.3:h:cisco:nexus_3000:-:*:*:*:*:*:*:*
ciscofirepower_9000_firmwarer211cpe:2.3:o:cisco:firepower_9000_firmware:r211:*:*:*:*:*:*:*
ciscofirepower_9000_firmwarer231cpe:2.3:o:cisco:firepower_9000_firmware:r231:*:*:*:*:*:*:*
ciscofirepower_9000-cpe:2.3:h:cisco:firepower_9000:-:*:*:*:*:*:*:*
cisconexus_9000_firmware8.1(0)bd(0.20)cpe:2.3:o:cisco:nexus_9000_firmware:8.1\(0\)bd\(0.20\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	nexus_7000_firmware	7.3(2)d1(0.49)	cpe:2.3:o:cisco:nexus_7000_firmware:7.3\(2\)d1\(0.49\):::::::*
cisco	nexus_7000_firmware	8.0(1)	cpe:2.3:o:cisco:nexus_7000_firmware:8.0\(1\):::::::*
cisco	nexus_7000_firmware	8.1(0.112)s0	cpe:2.3:o:cisco:nexus_7000_firmware:8.1\(0.112\)s0:::::::*
cisco	nexus_7000	-	cpe:2.3:h:cisco:nexus_7000:-:::::::*
cisco	nexus_5000_firmware	7.0(0)hsk(0.357)	cpe:2.3:o:cisco:nexus_5000_firmware:7.0\(0\)hsk\(0.357\):::::::*
cisco	nexus_3000	-	cpe:2.3:h:cisco:nexus_3000:-:::::::*
cisco	firepower_9000_firmware	r211	cpe:2.3:o:cisco:firepower_9000_firmware:r211:::::::*
cisco	firepower_9000_firmware	r231	cpe:2.3:o:cisco:firepower_9000_firmware:r231:::::::*
cisco	firepower_9000	-	cpe:2.3:h:cisco:firepower_9000:-:::::::*
cisco	nexus_9000_firmware	8.1(0)bd(0.20)	cpe:2.3:o:cisco:nexus_9000_firmware:8.1\(0\)bd\(0.20\):::::::*

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "product": "Cisco FXOS and NX-OS unknown",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco FXOS and NX-OS unknown"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104515

www.securitytracker.com/id/1041169

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-cli-execution

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.035

Percentile

91.5%

JSON

Related for CVE-2018-0312