← Back

CVE-2018-0292

nvd nist
Published: Jun 20, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the IGMP Snooping subsystem. An attacker could exploit this vulnerability by sending crafted IGMP packets to an affected system. An exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCuv79620, CSCvg71263.

Affected (5)

Products: Cisco: Nx Os
Cisco
1 product
Nx Os
Configuration A
12 platform
Running on/withPlatform Versions
Cisco
Nexus 5000
All versions
Cisco
Nexus 5010
All versions
Cisco
Nexus 5020
All versions
Cisco
Nexus 5548p
All versions
Cisco
Nexus 5548up
All versions
Cisco
Nexus 5596t
All versions
Cisco
Nexus 5596up
All versions
Cisco
Nexus 56128p
All versions
Cisco
Nexus 5624q
All versions
Cisco
Nexus 5648q
All versions
Cisco
Nexus 5672up
All versions
Cisco
Nexus 5696q
All versions
Configuration B
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Nx Os
From 6.2 to 8.1\(2\)
Running on/withPlatform Versions
Cisco
Nexus 7000
All versions
Cisco
Nexus 7700
All versions
Configuration C
1 vulnerable · 19 platform
Vulnerable SoftwareAffected Versions
Nx Os
From 12.1 to 13.1\(1i\)
Running on/withPlatform Versions
Cisco
Nexus 92160yc X
All versions
Cisco
Nexus 92304qc
All versions
Cisco
Nexus 9236c
All versions
Cisco
Nexus 9272q
All versions
Cisco
Nexus 93108tc Ex
All versions
Cisco
Nexus 93120tx
All versions
Cisco
Nexus 93128tx
All versions
Cisco
Nexus 93180yc Ex
All versions
Cisco
Nexus 9332pq
All versions
Cisco
Nexus 9372px
All versions
Cisco
Nexus 9372tx
All versions
Cisco
Nexus 9396px
All versions
Cisco
Nexus 9396tx
All versions
Cisco
Nexus 9504
All versions
Cisco
Nexus 9508
All versions
Cisco
Nexus 9516
All versions
Cisco
Nexus N9k C9508 Fm R
All versions
Cisco
Nexus N9k X9636c R
All versions
Cisco
Nexus N9k X9636q R
All versions
Configuration D
2 vulnerable · 28 platform
Vulnerable SoftwareAffected Versions
Cisco
Nx Os
Up to 7.0\(3\)i4
Nx Os
From 7.0\(3\)i5 to 7.0\(3\)i7\(1\)
Running on/withPlatform Versions
Cisco
Nexus 172tq Xl
All versions
Cisco
Nexus 3016
All versions
Cisco
Nexus 3048
All versions
Cisco
Nexus 3064 32t
All versions
Cisco
Nexus 3064 T
All versions
Cisco
Nexus 3064 X
All versions
Cisco
Nexus 3100 V
All versions
Cisco
Nexus 31128pq
All versions
Cisco
Nexus 3132c Z
All versions
Cisco
Nexus 3132q
All versions
Cisco
Nexus 3132q X
All versions
Cisco
Nexus 3132q Xl
All versions
Cisco
Nexus 3164q
All versions
Cisco
Nexus 3172pq
All versions
Cisco
Nexus 3172pq Xl
All versions
Cisco
Nexus 3172tq
All versions
Cisco
Nexus 3172tq 32t
All versions
Cisco
Nexus 3232c
All versions
Cisco
Nexus 3264c E
All versions
Cisco
Nexus 3264q
All versions
Cisco
Nexus 34180yc
All versions
Cisco
Nexus 3524 X
All versions
Cisco
Nexus 3524 Xl
All versions
Cisco
Nexus 3548
All versions
Cisco
Nexus 3548 X
All versions
Cisco
Nexus 3548 Xl
All versions
Cisco
Nexus 3636c R
All versions
Cisco
Nexus C36180yc R
All versions
Configuration E
8 platform
Running on/withPlatform Versions
Cisco
Nexus 2148t
All versions
Cisco
Nexus 2224tp Ge
All versions
Cisco
Nexus 2232pp 10ge
All versions
Cisco
Nexus 2232tm E 10ge
All versions
Cisco
Nexus 2232tm 10ge
All versions
Cisco
Nexus 2248pq 10ge
All versions
Cisco
Nexus 2248tp E
All versions
Cisco
Nexus 2248tp Ge
All versions
Configuration F
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Nx Os
From 6.0 to 7.3\(3\)n1\(1\)
Running on/withPlatform Versions
Cisco
Nexus 6001p
All versions
Cisco
Nexus 6001t
All versions

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (4)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.