← Back

CVE-2018-0301

nvd nist
Published: Jun 20, 2018Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the NX-API subsystem. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS packet to the management interface of an affected system with the NX-API feature enabled. An exploit could allow the attacker to execute arbitrary code as root. Note: NX-API is disabled by default. This vulnerability affects: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvd45804, CSCve02322, CSCve02412.

Affected (16)

Products: Cisco: Nx Os
Cisco
1 product
Nx Os
Configuration A
1 vulnerable · 12 platform
Vulnerable SoftwareAffected Versions
Nx Os
From 6.0 to 7.3\(3\)n1\(1\)
Running on/withPlatform Versions
Cisco
Nexus 5000
All versions
Cisco
Nexus 5010
All versions
Cisco
Nexus 5020
All versions
Cisco
Nexus 5548p
All versions
Cisco
Nexus 5548up
All versions
Cisco
Nexus 5596t
All versions
Cisco
Nexus 5596up
All versions
Cisco
Nexus 56128p
All versions
Cisco
Nexus 5624q
All versions
Cisco
Nexus 5648q
All versions
Cisco
Nexus 5672up
All versions
Cisco
Nexus 5696q
All versions
Configuration B
2 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Cisco
Nx Os
From 7.2 to 7.3\(2\)d1\(1\)
Nx Os
From 8.0 to 8.1\(1\)
Running on/withPlatform Versions
Cisco
Nexus 7000
All versions
Cisco
Nexus 7700
All versions
Configuration C
19 platform
Running on/withPlatform Versions
Cisco
Nexus 92160yc X
All versions
Cisco
Nexus 92304qc
All versions
Cisco
Nexus 9236c
All versions
Cisco
Nexus 9272q
All versions
Cisco
Nexus 93108tc Ex
All versions
Cisco
Nexus 93120tx
All versions
Cisco
Nexus 93128tx
All versions
Cisco
Nexus 93180yc Ex
All versions
Cisco
Nexus 9332pq
All versions
Cisco
Nexus 9372px
All versions
Cisco
Nexus 9372tx
All versions
Cisco
Nexus 9396px
All versions
Cisco
Nexus 9396tx
All versions
Cisco
Nexus 9504
All versions
Cisco
Nexus 9508
All versions
Cisco
Nexus 9516
All versions
Cisco
Nexus N9k C9508 Fm R
All versions
Cisco
Nexus N9k X9636c R
All versions
Cisco
Nexus N9k X9636q R
All versions
Configuration D
3 vulnerable · 28 platform
Vulnerable SoftwareAffected Versions
Cisco
Nx Os
Before 7.0\(3\)i4
Nx Os
From 7.0\(3\)i5 to 7.0\(3\)i7\(1\)
Nx Os
Version 7.0(3)i7
Running on/withPlatform Versions
Cisco
Nexus 172tq Xl
All versions
Cisco
Nexus 3016
All versions
Cisco
Nexus 3048
All versions
Cisco
Nexus 3064 32t
All versions
Cisco
Nexus 3064 T
All versions
Cisco
Nexus 3064 X
All versions
Cisco
Nexus 3100 V
All versions
Cisco
Nexus 31128pq
All versions
Cisco
Nexus 3132c Z
All versions
Cisco
Nexus 3132q
All versions
Cisco
Nexus 3132q X
All versions
Cisco
Nexus 3132q Xl
All versions
Cisco
Nexus 3164q
All versions
Cisco
Nexus 3172pq
All versions
Cisco
Nexus 3172pq Xl
All versions
Cisco
Nexus 3172tq
All versions
Cisco
Nexus 3172tq 32t
All versions
Cisco
Nexus 3232c
All versions
Cisco
Nexus 3264c E
All versions
Cisco
Nexus 3264q
All versions
Cisco
Nexus 34180yc
All versions
Cisco
Nexus 3524 X
All versions
Cisco
Nexus 3524 Xl
All versions
Cisco
Nexus 3548
All versions
Cisco
Nexus 3548 X
All versions
Cisco
Nexus 3548 Xl
All versions
Cisco
Nexus 3636c R
All versions
Cisco
Nexus C36180yc R
All versions
Configuration E
4 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Cisco
Nx Os
From 7.3 to 7.3\(3\)n1\(1\)
Nx Os
Version 6.0
Nx Os
Version 7.1
Nx Os
Version 7.2
Running on/withPlatform Versions
Cisco
Nexus 6001p
All versions
Cisco
Nexus 6001t
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nx Os
Version 7.0
Running on/withPlatform Versions
Cisco
Nexus 9500
All versions
Configuration G
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Nx Os
From 7.3 to 8.1\(1\)
Nx Os
Version 5.2
Nx Os
Version 6.2
Nx Os
Version 8.1
Nx Os
Version 8.2
Running on/withPlatform Versions
Cisco
Mds 9000
All versions

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.