Lucene search

[email protected]NVD:CVE-2018-0313

HistoryJun 21, 2018 - 11:29 a.m.

CVE-2018-0313

2018-06-2111:29:00

CWE-74

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due to incorrect input validation of user-supplied data to the NX-API subsystem. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet to the management interface of an affected system that has the NX-API feature enabled. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Note: NX-API is disabled by default. This vulnerability affects MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvd47415, CSCve03216, CSCve03224, CSCve03234.

Affected configurations

Nvd

Node

cisconx-osMatch7.0\(0\)hsk\(0.357\)

AND

cisconexus_5000Match-

cisconexus_5010Match-

cisconexus_5020Match-

cisconexus_5548pMatch-

cisconexus_5548upMatch-

cisconexus_5596tMatch-

cisconexus_5596upMatch-

cisconexus_56128pMatch-

cisconexus_5624qMatch-

cisconexus_5648qMatch-

cisconexus_5672upMatch-

cisconexus_5696qMatch-

Node

cisconx-osMatch8.0\(1\)s20

cisconx-osMatch8.1\(0\)bd\(0.20\)

cisconx-osMatch8.1\(0.97\)s0

AND

cisconexus_7000Match-

cisconexus_7700Match-

Node

cisconx-osMatch8.1\(0\)bd\(0.20\)

cisconx-osMatch8.1\(1\)s5

AND

cisconexus_92160yc-xMatch-

cisconexus_92304qcMatch-

cisconexus_9236cMatch-

cisconexus_9272qMatch-

cisconexus_93108tc-exMatch-

cisconexus_93120txMatch-

cisconexus_93128txMatch-

cisconexus_93180yc-exMatch-

cisconexus_9332pqMatch-

cisconexus_9372pxMatch-

cisconexus_9372txMatch-

cisconexus_9396pxMatch-

cisconexus_9396txMatch-

cisconexus_9504Match-

cisconexus_9508Match-

cisconexus_9516Match-

cisconexus_n9k-c9508-fm-rMatch-

cisconexus_n9k-x9636c-rMatch-

cisconexus_n9k-x9636q-rMatch-

Node

cisconx-osMatch-

AND

cisconexus_172tq-xlMatch-

cisconexus_3016Match-

cisconexus_3048Match-

cisconexus_3064-32tMatch-

cisconexus_3064-tMatch-

cisconexus_3064-xMatch-

cisconexus_3100-vMatch-

cisconexus_31128pqMatch-

cisconexus_3132c-zMatch-

cisconexus_3132qMatch-

cisconexus_3132q-xMatch-

cisconexus_3132q-xlMatch-

cisconexus_3164qMatch-

cisconexus_3172pqMatch-

cisconexus_3172pq-xlMatch-

cisconexus_3172tqMatch-

cisconexus_3172tq-32tMatch-

cisconexus_3232cMatch-

cisconexus_3264c-eMatch-

cisconexus_3264qMatch-

cisconexus_34180ycMatch-

cisconexus_3524-xMatch-

cisconexus_3524-xlMatch-

cisconexus_3548Match-

cisconexus_3548-xMatch-

cisconexus_3548-xlMatch-

cisconexus_3636c-rMatch-

cisconexus_c36180yc-rMatch-

Node

cisconx-osMatch-

AND

cisconexus_2148tMatch-

cisconexus_2224tp_geMatch-

cisconexus_2232pp_10geMatch-

cisconexus_2232tm-e_10geMatch-

cisconexus_2232tm_10geMatch-

cisconexus_2248pq_10geMatch-

cisconexus_2248tp-eMatch-

cisconexus_2248tp_geMatch-

Node

cisconx-osMatch-

AND

cisconexus_6001pMatch-

cisconexus_6001tMatch-

VendorProductVersionCPE
cisconx-os7.0(0)hsk(0.357)cpe:2.3:o:cisco:nx-os:7.0\(0\)hsk\(0.357\):*:*:*:*:*:*:*
cisconexus_5000-cpe:2.3:h:cisco:nexus_5000:-:*:*:*:*:*:*:*
cisconexus_5010-cpe:2.3:h:cisco:nexus_5010:-:*:*:*:*:*:*:*
cisconexus_5020-cpe:2.3:h:cisco:nexus_5020:-:*:*:*:*:*:*:*
cisconexus_5548p-cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*
cisconexus_5548up-cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*
cisconexus_5596t-cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*
cisconexus_5596up-cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*
cisconexus_56128p-cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*
cisconexus_5624q-cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	nx-os	7.0(0)hsk(0.357)	cpe:2.3:o:cisco:nx-os:7.0\(0\)hsk\(0.357\):::::::*
cisco	nexus_5000	-	cpe:2.3:h:cisco:nexus_5000:-:::::::*
cisco	nexus_5010	-	cpe:2.3:h:cisco:nexus_5010:-:::::::*
cisco	nexus_5020	-	cpe:2.3:h:cisco:nexus_5020:-:::::::*
cisco	nexus_5548p	-	cpe:2.3:h:cisco:nexus_5548p:-:::::::*
cisco	nexus_5548up	-	cpe:2.3:h:cisco:nexus_5548up:-:::::::*
cisco	nexus_5596t	-	cpe:2.3:h:cisco:nexus_5596t:-:::::::*
cisco	nexus_5596up	-	cpe:2.3:h:cisco:nexus_5596up:-:::::::*
cisco	nexus_56128p	-	cpe:2.3:h:cisco:nexus_56128p:-:::::::*
cisco	nexus_5624q	-	cpe:2.3:h:cisco:nexus_5624q:-:::::::*

Rows per page:

1-10 of 771

References

www.securitytracker.com/id/1041169

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-api-execution

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

46.2%

JSON

Related for NVD:CVE-2018-0313

cvelist1 nessus2 prion1 cisco1 cve1