CVE-2018-0330

Published: Jun 20, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain parameters included within an NX-API request. An attacker that can successfully authenticate to the NX-API could submit a request designed to bypass NX-OS role assignment. A successful exploit could allow the attacker to execute commands with elevated privileges. This vulnerability affects the following if configured to use the NX-API feature: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCvc73177, CSCve40903, CSCve40911.

Affected (15)

Products: Cisco: Nx Os

Cisco

1 product

Nx Os

Configuration A

4 vulnerable · 12 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	From 7.3 to 7.3\(3\)n1\(1\)
Cisco Nx Os	Version 6.0
Cisco Nx Os	Version 7.0
Cisco Nx Os	Version 7.1

Running on/with	Platform Versions
Cisco Nexus 5000	All versions
Cisco Nexus 5010	All versions
Cisco Nexus 5020	All versions
Cisco Nexus 5548p	All versions
Cisco Nexus 5548up	All versions
Cisco Nexus 5596t	All versions
Cisco Nexus 5596up	All versions
Cisco Nexus 56128p	All versions
Cisco Nexus 5624q	All versions
Cisco Nexus 5648q	All versions
Cisco Nexus 5672up	All versions
Cisco Nexus 5696q	All versions

Configuration B

3 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	From 8.1 to 8.1.2
Cisco Nx Os	Version 7.2
Cisco Nx Os	Version 8.0

Running on/with	Platform Versions
Cisco Nexus 7000	All versions
Cisco Nexus 7700	All versions

Configuration C

19 platform

Running on/with	Platform Versions
Cisco Nexus 92160yc X	All versions
Cisco Nexus 92304qc	All versions
Cisco Nexus 9236c	All versions
Cisco Nexus 9272q	All versions
Cisco Nexus 93108tc Ex	All versions
Cisco Nexus 93120tx	All versions
Cisco Nexus 93128tx	All versions
Cisco Nexus 93180yc Ex	All versions
Cisco Nexus 9332pq	All versions
Cisco Nexus 9372px	All versions
Cisco Nexus 9372tx	All versions
Cisco Nexus 9396px	All versions
Cisco Nexus 9396tx	All versions
Cisco Nexus 9504	All versions
Cisco Nexus 9508	All versions
Cisco Nexus 9516	All versions
Cisco Nexus N9k C9508 Fm R	All versions
Cisco Nexus N9k X9636c R	All versions
Cisco Nexus N9k X9636q R	All versions

Configuration D

2 vulnerable · 28 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	Before 7.0\(3\)i3
Cisco Nx Os	From 7.0\(3\)i4 to 7.0\(3\)i7\(1\)

Running on/with	Platform Versions
Cisco Nexus 172tq Xl	All versions
Cisco Nexus 3016	All versions
Cisco Nexus 3048	All versions
Cisco Nexus 3064 32t	All versions
Cisco Nexus 3064 T	All versions
Cisco Nexus 3064 X	All versions
Cisco Nexus 3100 V	All versions
Cisco Nexus 31128pq	All versions
Cisco Nexus 3132c Z	All versions
Cisco Nexus 3132q	All versions
Cisco Nexus 3132q X	All versions
Cisco Nexus 3132q Xl	All versions
Cisco Nexus 3164q	All versions
Cisco Nexus 3172pq	All versions
Cisco Nexus 3172pq Xl	All versions
Cisco Nexus 3172tq	All versions
Cisco Nexus 3172tq 32t	All versions
Cisco Nexus 3232c	All versions
Cisco Nexus 3264c E	All versions
Cisco Nexus 3264q	All versions
Cisco Nexus 34180yc	All versions
Cisco Nexus 3524 X	All versions
Cisco Nexus 3524 Xl	All versions
Cisco Nexus 3548	All versions
Cisco Nexus 3548 X	All versions
Cisco Nexus 3548 Xl	All versions
Cisco Nexus 3636c R	All versions
Cisco Nexus C36180yc R	All versions