ID

VAR-201801-1041


CVE

CVE-2018-0090


TITLE

Cisco NX-OS Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001514

DESCRIPTION

A vulnerability in the management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. This could allow traffic to be forwarded to the NX-OS CPU for processing, leading to high CPU utilization and a denial of service (DoS) condition. The vulnerability is due to a bad code fix in the 7.3.2 code train that could allow traffic to the management interface to be misclassified and not match the proper configured ACLs. An attacker could exploit this vulnerability by sending crafted traffic to the management interface. An exploit could allow the attacker to bypass the configured management interface ACLs and impact the CPU of the targeted device, resulting in a DoS condition. This vulnerability affects the following Cisco products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCvf31132. Cisco NX-OS contains a resource management vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCvf31132. It may result in a service operation interruption (DoS) condition. Cisco Multilayer Director Switches and the other products listed are Cisco switch products. Cisco NX-OS System Software is a set of software that runs on the switch. Cisco NX-OS System Software is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the application to consume excessive CPU resources, denying service to legitimate users.

Trust: 2.52

sources: NVD: CVE-2018-0090 // JVNDB: JVNDB-2018-001514 // CNVD: CNVD-2018-02051 // BID: 102753 // VULHUB: VHN-118292

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-02051

AFFECTED PRODUCTS

vendor: cisco, model: nx-os, scope: eq, version: 8.8(3.5)s0

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.3(2)n1(0.6)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 8.3(0)kms(0.31)

Trust: 1.6

vendor: cisco, model: nexus series switches, scope: eq, version: 70000

Trust: 0.9

vendor: cisco, model: nx-os, scope: lt, version: 7.3.2

Trust: 0.8

vendor: cisco, model: nexus series, scope: eq, version: 2000

Trust: 0.6

vendor: cisco, model: nexus series switche, scope: eq, version: 3000

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 6000

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 7700

Trust: 0.6

vendor: cisco, model: nexus platform switches, scope: eq, version: 5600

Trust: 0.6

vendor: cisco, model: nexus platform switches, scope: eq, version: 5500

Trust: 0.6

vendor: cisco, model: multilayer director switches, scope: -, version: -

Trust: 0.6

vendor: cisco, model: nx-os, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: nexus series switches, scope: eq, version: 77000

Trust: 0.3

vendor: cisco, model: nexus series switches, scope: eq, version: 60000

Trust: 0.3

vendor: cisco, model: nexus platform switches, scope: eq, version: 56000

Trust: 0.3

vendor: cisco, model: nexus platform switches, scope: eq, version: 55000

Trust: 0.3

vendor: cisco, model: nexus series switches, scope: eq, version: 30000

Trust: 0.3

vendor: cisco, model: nexus series switches, scope: eq, version: 20000

Trust: 0.3

vendor: cisco, model: multilayer director switches, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2018-02051 // BID: 102753 // JVNDB: JVNDB-2018-001514 // CNNVD: CNNVD-201801-629 // NVD: CVE-2018-0090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0090
value: HIGH

Trust: 1.0

NVD: CVE-2018-0090
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-02051
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201801-629
value: HIGH

Trust: 0.6

VULHUB: VHN-118292
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0090
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-02051
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118292
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0090
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-02051 // VULHUB: VHN-118292 // JVNDB: JVNDB-2018-001514 // CNNVD: CNNVD-201801-629 // NVD: CVE-2018-0090

PROBLEMTYPE DATA

problemtype: CWE-400

Trust: 1.9

problemtype: CWE-20

Trust: 1.0

sources: VULHUB: VHN-118292 // JVNDB: JVNDB-2018-001514 // NVD: CVE-2018-0090

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-629

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201801-629

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001514

PATCH

title: cisco-sa-20180117-nxos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos

Trust: 0.8

title: Patch for Cisco NX-OS System Software Management Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/114503

Trust: 0.6

title: Multiple Cisco product Cisco NX-OS System Software Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77809

Trust: 0.6

sources: CNVD: CNVD-2018-02051 // JVNDB: JVNDB-2018-001514 // CNNVD: CNNVD-201801-629

EXTERNAL IDS

db: NVD, id: CVE-2018-0090

Trust: 3.4

db: BID, id: 102753

Trust: 2.6

db: SECTRACK, id: 1040247

Trust: 1.7

db: JVNDB, id: JVNDB-2018-001514

Trust: 0.8

db: CNNVD, id: CNNVD-201801-629

Trust: 0.7

db: CNVD, id: CNVD-2018-02051

Trust: 0.6

db: VULHUB, id: VHN-118292

Trust: 0.1

sources: CNVD: CNVD-2018-02051 // VULHUB: VHN-118292 // BID: 102753 // JVNDB: JVNDB-2018-001514 // CNNVD: CNNVD-201801-629 // NVD: CVE-2018-0090

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-nxos

Trust: 2.6

url: http://www.securityfocus.com/bid/102753

Trust: 1.7

url: http://www.securitytracker.com/id/1040247

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0090

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-0090

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2018-02051 // VULHUB: VHN-118292 // BID: 102753 // JVNDB: JVNDB-2018-001514 // CNNVD: CNNVD-201801-629 // NVD: CVE-2018-0090

CREDITS

Cisco

Trust: 0.3

sources: BID: 102753

SOURCES

db: CNVD, id: CNVD-2018-02051
db: VULHUB, id: VHN-118292
db: BID, id: 102753
db: JVNDB, id: JVNDB-2018-001514
db: CNNVD, id: CNNVD-201801-629
db: NVD, id: CVE-2018-0090

LAST UPDATE DATE

2024-11-23T22:30:31.918000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-02051, date: 2018-01-26T00:00:00
db: VULHUB, id: VHN-118292, date: 2019-10-09T00:00:00
db: BID, id: 102753, date: 2018-01-17T00:00:00
db: JVNDB, id: JVNDB-2018-001514, date: 2018-02-22T00:00:00
db: CNNVD, id: CNNVD-201801-629, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0090, date: 2024-11-21T03:37:30.100

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-02051, date: 2018-01-26T00:00:00
db: VULHUB, id: VHN-118292, date: 2018-01-18T00:00:00
db: BID, id: 102753, date: 2018-01-17T00:00:00
db: JVNDB, id: JVNDB-2018-001514, date: 2018-02-22T00:00:00
db: CNNVD, id: CNNVD-201801-629, date: 2018-01-22T00:00:00
db: NVD, id: CVE-2018-0090, date: 2018-01-18T06:29:00.470