CVE-2018-0298

Published: Jun 21, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet directed to the physical management interface of an affected system. A successful exploit could allow the attacker to cause the process to crash and possibly reload the device, resulting in a denial of service (DoS) condition on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61398, CSCvb86799.

Affected (5)

Products: Cisco: Nx Os, Firepower Extensible Operating System

Cisco

2 products

Nx Os

Firepower Extensible Operating System

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	From 3.0\(2\) to 3.1\(3a\)a

Running on/with	Platform Versions
Cisco Ucs 6120xp	All versions
Cisco Ucs 6140xp	All versions
Cisco Ucs 6248up	All versions
Cisco Ucs 6296up	All versions
Cisco Ucs 6324	All versions
Cisco Ucs 6332	All versions

Configuration B

2 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Cisco Firepower Extensible Operating System	From 1.1 to 1.1.4.169
Cisco Firepower Extensible Operating System	From 2.0 to 2.0.1.135

Running on/with	Platform Versions
Cisco Firepower 4110	All versions
Cisco Firepower 4120	All versions
Cisco Firepower 4140	All versions
Cisco Firepower 4150	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Firepower Extensible Operating System	From 1.1 to 1.1.4.179
Cisco Firepower Extensible Operating System	From 2.0 to 2.0.1.153

Running on/with	Platform Versions
Cisco Firepower 9300 Security Appliance	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-dos

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-dos

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.