Lucene search

[email protected]CVE-2018-0330

HistoryJun 20, 2018 - 9:29 p.m.

CVE-2018-0330

2018-06-2021:29:00

CWE-78

CWE-264

[email protected]

web.nvd.nist.gov

cisco

nx-os software

vulnerability

nx-api

mds 9000

nexus switches

cisco bug ids

security advisory

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.3%

JSON

A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain parameters included within an NX-API request. An attacker that can successfully authenticate to the NX-API could submit a request designed to bypass NX-OS role assignment. A successful exploit could allow the attacker to execute commands with elevated privileges. This vulnerability affects the following if configured to use the NX-API feature: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCvc73177, CSCve40903, CSCve40911.

Affected configurations

NVD

Node

cisconx-osRange7.3–7.3\(3\)n1\(1\)

cisconx-osMatch6.0

cisconx-osMatch7.0

cisconx-osMatch7.1

cisconx-osMatch7.2

AND

cisconexus_5000Match-

cisconexus_5010Match-

cisconexus_5020Match-

cisconexus_5548pMatch-

cisconexus_5548upMatch-

cisconexus_5596tMatch-

cisconexus_5596upMatch-

cisconexus_56128pMatch-

cisconexus_5624qMatch-

cisconexus_5648qMatch-

cisconexus_5672upMatch-

cisconexus_5696qMatch-

Node

cisconx-osRange7.3–7.3.2d1

cisconx-osRange8.1–8.1.2

cisconx-osMatch6.2

cisconx-osMatch7.2

cisconx-osMatch8.0

cisconx-osMatch8.2

AND

cisconexus_7000Match-

cisconexus_7700Match-

Node

cisconx-osRange<7.0\(3\)i3

cisconx-osRange7.0\(3\)i4–7.0\(3\)i7\(1\)

AND

cisconexus_92160yc-xMatch-

cisconexus_92304qcMatch-

cisconexus_9236cMatch-

cisconexus_9272qMatch-

cisconexus_93108tc-exMatch-

cisconexus_93120txMatch-

cisconexus_93128txMatch-

cisconexus_93180yc-exMatch-

cisconexus_9332pqMatch-

cisconexus_9372pxMatch-

cisconexus_9372txMatch-

cisconexus_9396pxMatch-

cisconexus_9396txMatch-

cisconexus_9504Match-

cisconexus_9508Match-

cisconexus_9516Match-

cisconexus_n9k-c9508-fm-rMatch-

cisconexus_n9k-x9636c-rMatch-

cisconexus_n9k-x9636q-rMatch-

Node

cisconx-osRange<7.0\(3\)i3

cisconx-osRange7.0\(3\)i4–7.0\(3\)i7\(1\)

AND

cisconexus_172tq-xlMatch-

cisconexus_3016Match-

cisconexus_3048Match-

cisconexus_3064-32tMatch-

cisconexus_3064-tMatch-

cisconexus_3064-xMatch-

cisconexus_3100-vMatch-

cisconexus_31128pqMatch-

cisconexus_3132c-zMatch-

cisconexus_3132qMatch-

cisconexus_3132q-xMatch-

cisconexus_3132q-xlMatch-

cisconexus_3164qMatch-

cisconexus_3172pqMatch-

cisconexus_3172pq-xlMatch-

cisconexus_3172tqMatch-

cisconexus_3172tq-32tMatch-

cisconexus_3232cMatch-

cisconexus_3264c-eMatch-

cisconexus_3264qMatch-

cisconexus_34180ycMatch-

cisconexus_3524-xMatch-

cisconexus_3524-xlMatch-

cisconexus_3548Match-

cisconexus_3548-xMatch-

cisconexus_3548-xlMatch-

cisconexus_3636c-rMatch-

cisconexus_c36180yc-rMatch-

Node

cisconx-osRange6.0–7.3\(3\)n1\(1\)

AND

cisconexus_6001pMatch-

cisconexus_6001tMatch-

Node

cisconx-osRange7.3–7.3.2d1

cisconx-osRange8.1–8.1\(1a\)

cisconx-osMatch5.2

cisconx-osMatch6.2

cisconx-osMatch8.2

AND

ciscomds_9000Match-

CPENameOperatorVersion
cisco:nx-oscisco nx-oslt7.3\(3\)n1\(1\)
cisco:nx-oscisco nx-oseq6.0
cisco:nx-oscisco nx-oseq7.0
cisco:nx-oscisco nx-oseq7.1
cisco:nx-oscisco nx-oseq7.2

CPE	Name	Operator	Version
cisco:nx-os	cisco nx-os	lt	7.3\(3\)n1\(1\)
cisco:nx-os	cisco nx-os	eq	6.0
cisco:nx-os	cisco nx-os	eq	7.0
cisco:nx-os	cisco nx-os	eq	7.1
cisco:nx-os	cisco nx-os	eq	7.2

CNA Affected

[
  {
    "product": "Cisco NX-OS unknown",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco NX-OS unknown"
      }
    ]
  }
]

References

www.securitytracker.com/id/1041169

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-nxapi

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.3%

JSON

Related for CVE-2018-0330

cvelist1 nvd1 cisco1 nessus2 prion1