Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0308

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code or cause a DoS condition. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69954, CSCve02463, CSCve02785, CSCve02787, CSCve02804, CSCve04859.

Published

2018-06-20T21:29:00.623

Last Modified

2024-11-21T03:37:56.830

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	nexus_7000_firmware	7.3\(2\)d1\(0.49\)	Yes
Operating System	cisco	nexus_7000_firmware	8.0\(1\)	Yes
Operating System	cisco	nexus_7000_firmware	8.1\(0.112\)s0	Yes
Hardware	cisco	nexus_7000	-	No
Operating System	cisco	nexus_5000_firmware	7.0\(0\)hsk\(0.357\)	Yes
Operating System	cisco	nexus_5000_firmware	7.3\(0\)d1\(0.98\)	Yes
Operating System	cisco	nexus_5000_firmware	8.1\(0.2\)s0	Yes
Hardware	cisco	nexus_5000	-	No
Operating System	cisco	firepower_9000_firmware	r211	Yes
Operating System	cisco	firepower_9000_firmware	r231	Yes
Hardware	cisco	firepower_9000	-	No
Operating System	cisco	nexus_9000_firmware	8.1\(0\)bd\(0.20\)	Yes
Operating System	cisco	nexus_9000_firmware	8.1\(1\)s4	Yes
Hardware	cisco	nexus_9000	-	No
Operating System	cisco	unified_computing_system_firmware	3.1\(3a\)a	Yes
Operating System	cisco	unified_computing_system_firmware	7.0\(0\)hsk\(0.357\)	Yes
Hardware	cisco	unified_computing_system	-	No

References

http://www.securityfocus.com/bid/104514 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1041169 Third Party Advisory, VDB Entry ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-fab-ace Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/104514 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1041169 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-fab-ace Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)